From: Tom Hughes <tom@compton.nu>
Date: Thu, 29 Jun 2017 07:58:29 +0000 (+0100)
Subject: Merge remote-tracking branch 'upstream/pull/1561'
X-Git-Tag: live~3380
X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/1b7586c9288d694b2bc443d62f3c40502868ff77?hp=f76f838c8494936f24c6207e3c2283181fd1d0d7

Merge remote-tracking branch 'upstream/pull/1561'
---

diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml
index ce7e5d9b2..2be52f7d6 100644
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -64,7 +64,7 @@ Metrics/BlockNesting:
 # Offense count: 62
 # Configuration parameters: CountComments.
 Metrics/ClassLength:
-  Max: 1782
+  Max: 1783
 
 # Offense count: 69
 Metrics/CyclomaticComplexity:
diff --git a/Gemfile b/Gemfile
index 035722963..4ce4a75f5 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,7 +1,7 @@
 source "https://rubygems.org"
 
 # Require rails
-gem "rails", "4.2.9"
+gem "rails", "5.0.4"
 
 # Require things which have moved to gems in ruby 1.9
 gem "bigdecimal", "~> 1.1.0", :platforms => :ruby_19
@@ -22,7 +22,7 @@ gem "sass-rails", "~> 5.0"
 gem "uglifier", ">= 1.3.0"
 
 # Use CoffeeScript for .js.coffee assets and views
-gem "coffee-rails", "~> 4.1.0"
+gem "coffee-rails", "~> 4.2"
 
 # Use jquery as the JavaScript library
 gem "jquery-rails"
@@ -42,7 +42,7 @@ gem "image_optim_rails"
 
 # Load rails plugins
 gem "actionpack-page_caching"
-gem "composite_primary_keys", "~> 8.1.0"
+gem "composite_primary_keys", "~> 9.0.7"
 gem "deadlock_retry", ">= 1.2.0"
 gem "dynamic_form"
 gem "http_accept_language", "~> 2.0.0"
@@ -51,6 +51,7 @@ gem "oauth-plugin", ">= 0.5.1"
 gem "paperclip", "~> 4.0"
 gem "rack-cors"
 gem "rails-i18n", "~> 4.0.0"
+gem "record_tag_helper"
 gem "rinku", ">= 1.2.2", :require => "rails_rinku"
 gem "validates_email_format_of", ">= 1.5.1"
 
@@ -103,12 +104,14 @@ gem "logstasher"
 
 # Gems useful for development
 group :development do
+  gem "listen"
   gem "vendorer"
 end
 
 # Gems needed for running tests
 group :test do
   gem "minitest", "~> 5.1", :platforms => [:ruby_19, :ruby_20]
+  gem "rails-controller-testing"
   gem "rubocop"
   gem "timecop"
   gem "webmock"
@@ -119,6 +122,6 @@ group :development, :test do
   gem "coveralls", :require => false
   gem "factory_girl_rails"
   gem "jshint"
-  gem "konacha"
+  #  gem "konacha"
   gem "poltergeist"
 end
diff --git a/Gemfile.lock b/Gemfile.lock
index 6cc819783..556bb8d43 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -2,45 +2,48 @@ GEM
   remote: https://rubygems.org/
   specs:
     SystemTimer (1.2.3)
-    actionmailer (4.2.9)
-      actionpack (= 4.2.9)
-      actionview (= 4.2.9)
-      activejob (= 4.2.9)
+    actioncable (5.0.4)
+      actionpack (= 5.0.4)
+      nio4r (>= 1.2, < 3.0)
+      websocket-driver (~> 0.6.1)
+    actionmailer (5.0.4)
+      actionpack (= 5.0.4)
+      actionview (= 5.0.4)
+      activejob (= 5.0.4)
       mail (~> 2.5, >= 2.5.4)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
-    actionpack (4.2.9)
-      actionview (= 4.2.9)
-      activesupport (= 4.2.9)
-      rack (~> 1.6)
-      rack-test (~> 0.6.2)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
+    actionpack (5.0.4)
+      actionview (= 5.0.4)
+      activesupport (= 5.0.4)
+      rack (~> 2.0)
+      rack-test (~> 0.6.3)
+      rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.2)
     actionpack-page_caching (1.1.0)
       actionpack (>= 4.0.0, < 6)
-    actionview (4.2.9)
-      activesupport (= 4.2.9)
+    actionview (5.0.4)
+      activesupport (= 5.0.4)
       builder (~> 3.1)
       erubis (~> 2.7.0)
-      rails-dom-testing (~> 1.0, >= 1.0.5)
+      rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.0.3)
-    activejob (4.2.9)
-      activesupport (= 4.2.9)
-      globalid (>= 0.3.0)
-    activemodel (4.2.9)
-      activesupport (= 4.2.9)
-      builder (~> 3.1)
-    activerecord (4.2.9)
-      activemodel (= 4.2.9)
-      activesupport (= 4.2.9)
-      arel (~> 6.0)
-    activesupport (4.2.9)
+    activejob (5.0.4)
+      activesupport (= 5.0.4)
+      globalid (>= 0.3.6)
+    activemodel (5.0.4)
+      activesupport (= 5.0.4)
+    activerecord (5.0.4)
+      activemodel (= 5.0.4)
+      activesupport (= 5.0.4)
+      arel (~> 7.0)
+    activesupport (5.0.4)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (~> 0.7)
       minitest (~> 5.1)
-      thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
     addressable (2.5.1)
       public_suffix (~> 2.0, >= 2.0.2)
-    arel (6.0.4)
+    arel (7.1.4)
     ast (2.3.0)
     autoprefixer-rails (7.1.1.2)
       execjs
@@ -59,16 +62,15 @@ GEM
     cliver (0.3.2)
     cocaine (0.5.8)
       climate_control (>= 0.0.3, < 1.0)
-    coffee-rails (4.1.1)
+    coffee-rails (4.2.2)
       coffee-script (>= 2.2.0)
-      railties (>= 4.0.0, < 5.1.x)
+      railties (>= 4.0.0)
     coffee-script (2.4.1)
       coffee-script-source
       execjs
     coffee-script-source (1.12.2)
-    colorize (0.8.1)
-    composite_primary_keys (8.1.6)
-      activerecord (~> 4.2.0)
+    composite_primary_keys (9.0.7)
+      activerecord (~> 5.0.0)
     concurrent-ruby (1.0.5)
     coveralls (0.8.21)
       json (>= 1.8, < 3)
@@ -93,6 +95,7 @@ GEM
       railties (>= 3.0.0)
     faraday (0.12.1)
       multipart-post (>= 1.2, < 3)
+    ffi (1.9.18)
     fspath (3.1.0)
     geoip (1.6.3)
     globalid (0.4.0)
@@ -132,16 +135,12 @@ GEM
       jsonify (< 0.4.0)
     jwt (1.5.6)
     kgio (2.11.0)
-    konacha (4.0.0)
-      actionpack (>= 4.1, < 5)
-      capybara
-      colorize
-      railties (>= 4.1, < 5)
-      sprockets (>= 2, < 4)
-      sprockets-rails (>= 2, < 4)
-      tilt
     libv8 (3.16.14.19)
     libxml-ruby (3.0.0)
+    listen (3.1.5)
+      rb-fsevent (~> 0.9, >= 0.9.4)
+      rb-inotify (~> 0.9, >= 0.9.7)
+      ruby_dep (~> 1.2)
     logstash-event (1.2.02)
     logstasher (1.2.1)
       activesupport (>= 4.0)
@@ -151,6 +150,7 @@ GEM
       nokogiri (>= 1.5.9)
     mail (2.6.6)
       mime-types (>= 1.16, < 4)
+    method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
@@ -160,6 +160,7 @@ GEM
     multi_json (1.12.1)
     multi_xml (0.6.0)
     multipart-post (2.0.0)
+    nio4r (2.1.0)
     nokogiri (1.8.0)
       mini_portile2 (~> 2.2.0)
     nokogumbo (1.4.13)
@@ -223,7 +224,7 @@ GEM
     psych (2.2.4)
     public_suffix (2.0.5)
     r2 (0.2.6)
-    rack (1.6.8)
+    rack (2.0.3)
     rack-cors (0.4.1)
     rack-openid (1.3.1)
       rack (>= 1.1.0)
@@ -231,36 +232,44 @@ GEM
     rack-test (0.6.3)
       rack (>= 1.0)
     rack-uri_sanitizer (0.0.2)
-    rails (4.2.9)
-      actionmailer (= 4.2.9)
-      actionpack (= 4.2.9)
-      actionview (= 4.2.9)
-      activejob (= 4.2.9)
-      activemodel (= 4.2.9)
-      activerecord (= 4.2.9)
-      activesupport (= 4.2.9)
+    rails (5.0.4)
+      actioncable (= 5.0.4)
+      actionmailer (= 5.0.4)
+      actionpack (= 5.0.4)
+      actionview (= 5.0.4)
+      activejob (= 5.0.4)
+      activemodel (= 5.0.4)
+      activerecord (= 5.0.4)
+      activesupport (= 5.0.4)
       bundler (>= 1.3.0, < 2.0)
-      railties (= 4.2.9)
-      sprockets-rails
-    rails-deprecated_sanitizer (1.0.3)
-      activesupport (>= 4.2.0.alpha)
-    rails-dom-testing (1.0.8)
-      activesupport (>= 4.2.0.beta, < 5.0)
-      nokogiri (~> 1.6)
-      rails-deprecated_sanitizer (>= 1.0.1)
+      railties (= 5.0.4)
+      sprockets-rails (>= 2.0.0)
+    rails-controller-testing (1.0.2)
+      actionpack (~> 5.x, >= 5.0.1)
+      actionview (~> 5.x, >= 5.0.1)
+      activesupport (~> 5.x)
+    rails-dom-testing (2.0.3)
+      activesupport (>= 4.2.0)
+      nokogiri (>= 1.6)
     rails-html-sanitizer (1.0.3)
       loofah (~> 2.0)
-    rails-i18n (4.0.9)
-      i18n (~> 0.7)
-      railties (~> 4.0)
-    railties (4.2.9)
-      actionpack (= 4.2.9)
-      activesupport (= 4.2.9)
+    rails-i18n (4.0.2)
+      i18n (~> 0.6)
+      rails (>= 4.0)
+    railties (5.0.4)
+      actionpack (= 5.0.4)
+      activesupport (= 5.0.4)
+      method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     rainbow (2.2.2)
       rake
     rake (12.0.0)
+    rb-fsevent (0.9.8)
+    rb-inotify (0.9.10)
+      ffi (>= 0.5.0, < 2)
+    record_tag_helper (1.0.0)
+      actionview (~> 5.x)
     redcarpet (3.4.0)
     ref (2.0.0)
     request_store (1.3.2)
@@ -275,6 +284,7 @@ GEM
       unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-openid (2.7.0)
     ruby-progressbar (1.8.1)
+    ruby_dep (1.5.0)
     safe_yaml (1.0.4)
     sanitize (4.5.0)
       crass (~> 1.0.2)
@@ -339,8 +349,8 @@ DEPENDENCIES
   autoprefixer-rails
   bigdecimal (~> 1.1.0)
   canonical-rails
-  coffee-rails (~> 4.1.0)
-  composite_primary_keys (~> 8.1.0)
+  coffee-rails (~> 4.2)
+  composite_primary_keys (~> 9.0.7)
   coveralls
   dalli
   deadlock_retry (>= 1.2.0)
@@ -357,8 +367,8 @@ DEPENDENCIES
   json
   jsonify-rails
   kgio
-  konacha
   libxml-ruby (>= 2.0.5)
+  listen
   logstasher
   minitest (~> 5.1)
   oauth-plugin (>= 0.5.1)
@@ -376,8 +386,10 @@ DEPENDENCIES
   r2
   rack-cors
   rack-uri_sanitizer
-  rails (= 4.2.9)
+  rails (= 5.0.4)
+  rails-controller-testing
   rails-i18n (~> 4.0.0)
+  record_tag_helper
   redcarpet
   rinku (>= 1.2.2)
   rotp
diff --git a/Rakefile b/Rakefile
index 39f9f3564..9a5ea7383 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,6 +1,6 @@
 # Add your own tasks in files placed in lib/tasks ending in .rake,
 # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
 
-require File.expand_path("../config/application", __FILE__)
+require_relative "config/application"
 
-OpenStreetMap::Application.load_tasks
+Rails.application.load_tasks
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 89636aaa8..534b37058 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
   include SessionPersistence
 
-  protect_from_forgery
+  protect_from_forgery :with => :exception
 
   before_action :fetch_body
 
diff --git a/app/controllers/user_controller.rb b/app/controllers/user_controller.rb
index b6fc79b25..82373c90a 100644
--- a/app/controllers/user_controller.rb
+++ b/app/controllers/user_controller.rb
@@ -268,7 +268,7 @@ class UserController < ApplicationController
   def logout
     @title = t "user.logout.title"
 
-    if params[:session] == request.session_options[:id]
+    if params[:session] == session.id
       if session[:token]
         token = UserToken.find_by(:token => session[:token])
         token.destroy if token
diff --git a/app/views/layouts/_header.html.erb b/app/views/layouts/_header.html.erb
index 2b7d6313e..262989752 100644
--- a/app/views/layouts/_header.html.erb
+++ b/app/views/layouts/_header.html.erb
@@ -80,7 +80,7 @@
             <%= yield :greeting %>
           </li>
           <li>
-            <%= link_to t('layouts.logout'), logout_path(:session => request.session_options[:id], :referer => request.fullpath) %>
+            <%= link_to t('layouts.logout'), logout_path(:session => session.id, :referer => request.fullpath) %>
           </li>
         </ul>
       </div>
diff --git a/app/views/user/logout.html.erb b/app/views/user/logout.html.erb
index bb67d1581..2620cdaa6 100644
--- a/app/views/user/logout.html.erb
+++ b/app/views/user/logout.html.erb
@@ -4,6 +4,6 @@
 
 <%= form_tag :action => "logout" do %>
   <%= hidden_field_tag("referer", h(params[:referer])) %>
-  <%= hidden_field_tag("session", request.session_options[:id]) %>
+  <%= hidden_field_tag("session", session.id) %>
   <%= submit_tag t('user.logout.logout_button') %>
 <% end %>
diff --git a/config.ru b/config.ru
index 193e5fed8..441e6ff0c 100644
--- a/config.ru
+++ b/config.ru
@@ -1,4 +1,5 @@
 # This file is used by Rack-based servers to start the application.
 
-require ::File.expand_path("../config/environment", __FILE__)
+require_relative "config/environment"
+
 run Rails.application
diff --git a/config/application.rb b/config/application.rb
index ff9ac1602..02dd1d2b2 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -1,6 +1,6 @@
-require File.expand_path("../boot", __FILE__)
+require_relative "boot"
 
-require File.expand_path("../preinitializer", __FILE__)
+require_relative "preinitializer"
 
 if STATUS == :database_offline
   require "action_controller/railtie"
@@ -22,17 +22,6 @@ module OpenStreetMap
     # Application configuration should go into files in config/initializers
     # -- all .rb files in that directory are automatically loaded.
 
-    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
-    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
-    # config.time_zone = 'Central Time (US & Canada)'
-
-    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
-    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
-    # config.i18n.default_locale = :de
-
-    # Do not swallow errors in after_commit/after_rollback callbacks.
-    config.active_record.raise_in_transactional_callbacks = true unless STATUS == :database_offline
-
     # Custom directories with classes and modules you want to be autoloadable.
     config.autoload_paths += %W[#{config.root}/lib]
 
diff --git a/config/boot.rb b/config/boot.rb
index fb24cf2ed..282011619 100644
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,3 +1,3 @@
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__)
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
 require "bundler/setup" # Set up gems listed in the Gemfile.
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 01466ae75..9101bb1eb 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -1,4 +1,4 @@
-OpenStreetMap::Application.configure do
+Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # In the development environment your application's code is reloaded on
@@ -9,13 +9,14 @@ OpenStreetMap::Application.configure do
   # Do not eager load code on boot.
   config.eager_load = false
 
-  # Show full error reports and disable caching.
-  config.consider_all_requests_local       = true
-  config.action_controller.perform_caching = false
+  # Show full error reports.
+  config.consider_all_requests_local = true
 
   # Don't care if the mailer can't send.
   config.action_mailer.raise_delivery_errors = false
 
+  config.action_mailer.perform_caching = false
+
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
 
@@ -29,15 +30,13 @@ OpenStreetMap::Application.configure do
   # number of complex assets.
   config.assets.debug = true
 
-  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
-  # yet still be able to expire them through the digest params.
-  config.assets.digest = true
-
-  # Adds additional error checking when serving assets at runtime.
-  # Checks for improperly declared sprockets dependencies.
-  # Raises helpful error messages.
-  config.assets.raise_runtime_errors = true
+  # Suppress logger output for asset requests.
+  config.assets.quiet = true
 
   # Raises error for missing translations
   # config.action_view.raise_on_missing_translations = true
+
+  # Use an evented file watcher to asynchronously detect changes in source code,
+  # routes, locales, etc. This feature depends on the listen gem.
+  config.file_watcher = ActiveSupport::EventedFileUpdateChecker
 end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index ccba43daa..e421abc58 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -1,4 +1,4 @@
-OpenStreetMap::Application.configure do
+Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # Code is not reloaded between requests.
@@ -14,15 +14,9 @@ OpenStreetMap::Application.configure do
   config.consider_all_requests_local       = false
   config.action_controller.perform_caching = true
 
-  # Enable Rack::Cache to put a simple HTTP cache in front of your application
-  # Add `rack-cache` to your Gemfile before enabling this.
-  # For large-scale production use, consider using a caching reverse proxy like
-  # NGINX, varnish or squid.
-  # config.action_dispatch.rack_cache = true
-
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.
-  config.serve_static_files = ENV["RAILS_SERVE_STATIC_FILES"].present?
+  config.public_file_server.enabled = ENV["RAILS_SERVE_STATIC_FILES"].present?
 
   # Compress JavaScripts and CSS.
   config.assets.js_compressor = :uglifier
@@ -31,16 +25,20 @@ OpenStreetMap::Application.configure do
   # Do not fallback to assets pipeline if a precompiled asset is missed.
   config.assets.compile = false
 
-  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
-  # yet still be able to expire them through the digest params.
-  config.assets.digest = true
-
   # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
 
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = 'http://assets.example.com'
+
   # Specifies the header that your server uses for sending files.
   # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
+  # Mount Action Cable outside main process or domain
+  # config.action_cable.mount_path = nil
+  # config.action_cable.url = 'wss://example.com/cable'
+  # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
+
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
 
@@ -49,23 +47,22 @@ OpenStreetMap::Application.configure do
   config.log_level = :info
 
   # Prepend all log lines with the following tags.
-  # config.log_tags = [ :subdomain, :uuid ]
+  config.log_tags = [:request_id]
 
   # Use a different log path in production.
   config.paths["log"] = LOG_PATH if defined?(LOG_PATH)
 
-  # Use a different logger for distributed setups.
-  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
-
   # Use a different cache store in production.
   # config.cache_store = :mem_cache_store
 
+  # Use a real queuing backend for Active Job (and separate queues per environment)
+  # config.active_job.queue_adapter     = :resque
+  # config.active_job.queue_name_prefix = "rails50_#{Rails.env}"
+  config.action_mailer.perform_caching = false
+
   # Configure caching of static assets
   config.action_controller.page_cache_directory = Rails.public_path
 
-  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
-  # config.action_controller.asset_host = 'http://assets.example.com'
-
   # Ignore bad email addresses and do not raise email delivery errors.
   # Set this to true and configure the email server for immediate delivery to raise delivery errors.
   # config.action_mailer.raise_delivery_errors = false
@@ -80,8 +77,21 @@ OpenStreetMap::Application.configure do
   # Use default logging formatter so that PID and timestamp are not suppressed.
   config.log_formatter = ::Logger::Formatter.new
 
+  # Use a different logger for distributed setups.
+  # require 'syslog/logger'
+  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
+
+  if ENV["RAILS_LOG_TO_STDOUT"].present?
+    logger           = ActiveSupport::Logger.new(STDOUT)
+    logger.formatter = config.log_formatter
+    config.logger    = ActiveSupport::TaggedLogging.new(logger)
+  end
+
   # Do not dump schema after migrations.
   unless STATUS == :database_offline
     config.active_record.dump_schema_after_migration = false
   end
+
+  # Enable autoloading of dependencies.
+  config.enable_dependency_loading = true
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index f46617c71..2dfea4ea4 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -1,4 +1,4 @@
-OpenStreetMap::Application.configure do
+Rails.application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
   # The test environment is used exclusively to run your application's
@@ -12,9 +12,11 @@ OpenStreetMap::Application.configure do
   # preloads Rails for running tests, you may have to set it to true.
   config.eager_load = false
 
-  # Configure static file server for tests with Cache-Control for performance.
-  config.serve_static_files   = true
-  config.static_cache_control = "public, max-age=3600"
+  # Configure public file server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {
+    "Cache-Control" => "public, max-age=#{1.hour.seconds.to_i}"
+  }
 
   # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
@@ -25,15 +27,13 @@ OpenStreetMap::Application.configure do
 
   # Disable request forgery protection in test environment.
   config.action_controller.allow_forgery_protection = false
+  config.action_mailer.perform_caching = false
 
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
   config.action_mailer.delivery_method = :test
 
-  # Randomize the order test cases are executed.
-  config.active_support.test_order = :random
-
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr
 
diff --git a/config/initializers/cookies_serializer.rb b/config/initializers/cookies_serializer.rb
index 7f70458de..5a6a32d37 100644
--- a/config/initializers/cookies_serializer.rb
+++ b/config/initializers/cookies_serializer.rb
@@ -1,3 +1,5 @@
 # Be sure to restart your server when you modify this file.
 
+# Specify a serializer for the signed and encrypted cookie jars.
+# Valid options are :json, :marshal, and :hybrid.
 Rails.application.config.action_dispatch.cookies_serializer = :json
diff --git a/config/initializers/oauth.rb b/config/initializers/oauth.rb
index 437a00c97..3b4f06a2e 100644
--- a/config/initializers/oauth.rb
+++ b/config/initializers/oauth.rb
@@ -1,3 +1,4 @@
+require "oauth/controllers/provider_controller"
 require "oauth/rack/oauth_filter"
 
 Rails.configuration.middleware.use OAuth::Rack::OAuthFilter
@@ -11,3 +12,41 @@ module OAuth
     end
   end
 end
+
+module OpenStreetMap
+  module ProviderController
+    def self.prepended(mod)
+      mod.singleton_class.prepend(OpenStreetMap::ProviderController::ClassMethods)
+    end
+
+    def render(options = {})
+      text = options.delete(:text)
+      if text
+        super options.merge(:plain => text)
+      elsif options.delete(:nothing)
+        status = options.delete(:status) || :ok
+        head status, options
+      else
+        super options
+      end
+    end
+
+    module ClassMethods
+      def included(controller)
+        controller.class_eval do
+          def self.before_filter(*names, &blk)
+            before_action(*names, &blk)
+          end
+
+          def self.skip_before_filter(*names, &blk)
+            skip_before_action(*names, &blk)
+          end
+        end
+
+        super controller
+      end
+    end
+  end
+end
+
+OAuth::Controllers::ProviderController.prepend(OpenStreetMap::ProviderController)
diff --git a/config/secrets.yml b/config/secrets.yml
index 253f2be62..4704fad44 100644
--- a/config/secrets.yml
+++ b/config/secrets.yml
@@ -5,18 +5,28 @@
 
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
-# You can use `rake secret` to generate a secure secret key.
+# You can use `rails secret` to generate a secure secret key.
 
 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
 
+# Shared secrets are available across all environments.
+
+# shared:
+#   api_key: a1B2c3D4e5F6
+
+# Environmental secrets are only available for that specific environment.
+
 development:
   secret_key_base: 1ce5ed17771b4fdc3f755c5b98459d67816f99ec5889ec2fa7bf2bd3cba3ad5cc453693ce3c5d121669be478fb811136f4f483e6f39ac1f0e34ba66e8acab574
 
 test:
   secret_key_base: 10d52b1bf88c429e73ffbc5e5f58b037db21f38ea88b8b454e55d52ed8bcc6e7fe3b48a79b2f36eb78a4685224d707767d083f79c51f7d81a9d4a06d1c1e2534
 
-# Do not keep production secrets in the repository,
-# instead read values from the environment.
+# Do not keep production secrets in the unencrypted secrets file.
+# Instead, either read values from the environment.
+# Or, use `bin/rails secrets:setup` to configure encrypted secrets
+# and move the `production:` environment over there.
+
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
diff --git a/db/seeds.rb b/db/seeds.rb
index 664d8c74c..1beea2acc 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -1,7 +1,7 @@
 # This file should contain all the record creation needed to seed the database with its default values.
-# The data can then be loaded with the rake db:seed (or created alongside the db with db:setup).
+# The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup).
 #
 # Examples:
 #
-#   cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }])
-#   Mayor.create(:name => 'Daley', :city => cities.first)
+#   movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }])
+#   Character.create(name: 'Luke', movie: movies.first)
diff --git a/db/structure.sql b/db/structure.sql
index 020d5fb16..08aafa8d7 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -2,8 +2,8 @@
 -- PostgreSQL database dump
 --
 
--- Dumped from database version 9.5.6
--- Dumped by pg_dump version 9.5.6
+-- Dumped from database version 9.5.7
+-- Dumped by pg_dump version 9.5.7
 
 SET statement_timeout = 0;
 SET lock_timeout = 0;
@@ -187,6 +187,18 @@ CREATE SEQUENCE acls_id_seq
 ALTER SEQUENCE acls_id_seq OWNED BY acls.id;
 
 
+--
+-- Name: ar_internal_metadata; Type: TABLE; Schema: public; Owner: -
+--
+
+CREATE TABLE ar_internal_metadata (
+    key character varying NOT NULL,
+    value character varying,
+    created_at timestamp without time zone NOT NULL,
+    updated_at timestamp without time zone NOT NULL
+);
+
+
 --
 -- Name: changeset_comments; Type: TABLE; Schema: public; Owner: -
 --
@@ -1354,6 +1366,14 @@ ALTER TABLE ONLY acls
     ADD CONSTRAINT acls_pkey PRIMARY KEY (id);
 
 
+--
+-- Name: ar_internal_metadata_pkey; Type: CONSTRAINT; Schema: public; Owner: -
+--
+
+ALTER TABLE ONLY ar_internal_metadata
+    ADD CONSTRAINT ar_internal_metadata_pkey PRIMARY KEY (key);
+
+
 --
 -- Name: changeset_comments_pkey; Type: CONSTRAINT; Schema: public; Owner: -
 --
@@ -2513,193 +2533,101 @@ ALTER TABLE ONLY ways
 
 SET search_path TO "$user", public;
 
-INSERT INTO schema_migrations (version) VALUES ('1');
-
-INSERT INTO schema_migrations (version) VALUES ('10');
-
-INSERT INTO schema_migrations (version) VALUES ('11');
-
-INSERT INTO schema_migrations (version) VALUES ('12');
-
-INSERT INTO schema_migrations (version) VALUES ('13');
-
-INSERT INTO schema_migrations (version) VALUES ('14');
-
-INSERT INTO schema_migrations (version) VALUES ('15');
-
-INSERT INTO schema_migrations (version) VALUES ('16');
-
-INSERT INTO schema_migrations (version) VALUES ('17');
-
-INSERT INTO schema_migrations (version) VALUES ('18');
-
-INSERT INTO schema_migrations (version) VALUES ('19');
-
-INSERT INTO schema_migrations (version) VALUES ('2');
-
-INSERT INTO schema_migrations (version) VALUES ('20');
-
-INSERT INTO schema_migrations (version) VALUES ('20100513171259');
-
-INSERT INTO schema_migrations (version) VALUES ('20100516124737');
-
-INSERT INTO schema_migrations (version) VALUES ('20100910084426');
-
-INSERT INTO schema_migrations (version) VALUES ('20101114011429');
-
-INSERT INTO schema_migrations (version) VALUES ('20110322001319');
-
-INSERT INTO schema_migrations (version) VALUES ('20110508145337');
-
-INSERT INTO schema_migrations (version) VALUES ('20110521142405');
-
-INSERT INTO schema_migrations (version) VALUES ('20110925112722');
-
-INSERT INTO schema_migrations (version) VALUES ('20111116184519');
-
-INSERT INTO schema_migrations (version) VALUES ('20111212183945');
-
-INSERT INTO schema_migrations (version) VALUES ('20120123184321');
-
-INSERT INTO schema_migrations (version) VALUES ('20120208122334');
-
-INSERT INTO schema_migrations (version) VALUES ('20120208194454');
-
-INSERT INTO schema_migrations (version) VALUES ('20120214210114');
-
-INSERT INTO schema_migrations (version) VALUES ('20120219161649');
-
-INSERT INTO schema_migrations (version) VALUES ('20120318201948');
-
-INSERT INTO schema_migrations (version) VALUES ('20120328090602');
-
-INSERT INTO schema_migrations (version) VALUES ('20120404205604');
-
-INSERT INTO schema_migrations (version) VALUES ('20120808231205');
-
-INSERT INTO schema_migrations (version) VALUES ('20121005195010');
-
-INSERT INTO schema_migrations (version) VALUES ('20121012044047');
-
-INSERT INTO schema_migrations (version) VALUES ('20121119165817');
-
-INSERT INTO schema_migrations (version) VALUES ('20121202155309');
-
-INSERT INTO schema_migrations (version) VALUES ('20121203124841');
-
-INSERT INTO schema_migrations (version) VALUES ('20130328184137');
-
-INSERT INTO schema_migrations (version) VALUES ('20131212124700');
-
-INSERT INTO schema_migrations (version) VALUES ('20140115192822');
-
-INSERT INTO schema_migrations (version) VALUES ('20140117185510');
-
-INSERT INTO schema_migrations (version) VALUES ('20140210003018');
-
-INSERT INTO schema_migrations (version) VALUES ('20140507110937');
-
-INSERT INTO schema_migrations (version) VALUES ('20140519141742');
-
-INSERT INTO schema_migrations (version) VALUES ('20150110152606');
-
-INSERT INTO schema_migrations (version) VALUES ('20150111192335');
-
-INSERT INTO schema_migrations (version) VALUES ('20150222101847');
-
-INSERT INTO schema_migrations (version) VALUES ('20150818224516');
-
-INSERT INTO schema_migrations (version) VALUES ('20161002153425');
-
-INSERT INTO schema_migrations (version) VALUES ('20161011010929');
-
-INSERT INTO schema_migrations (version) VALUES ('20170222134109');
-
-INSERT INTO schema_migrations (version) VALUES ('21');
-
-INSERT INTO schema_migrations (version) VALUES ('22');
-
-INSERT INTO schema_migrations (version) VALUES ('23');
-
-INSERT INTO schema_migrations (version) VALUES ('24');
-
-INSERT INTO schema_migrations (version) VALUES ('25');
-
-INSERT INTO schema_migrations (version) VALUES ('26');
-
-INSERT INTO schema_migrations (version) VALUES ('27');
-
-INSERT INTO schema_migrations (version) VALUES ('28');
-
-INSERT INTO schema_migrations (version) VALUES ('29');
-
-INSERT INTO schema_migrations (version) VALUES ('3');
-
-INSERT INTO schema_migrations (version) VALUES ('30');
-
-INSERT INTO schema_migrations (version) VALUES ('31');
-
-INSERT INTO schema_migrations (version) VALUES ('32');
-
-INSERT INTO schema_migrations (version) VALUES ('33');
-
-INSERT INTO schema_migrations (version) VALUES ('34');
-
-INSERT INTO schema_migrations (version) VALUES ('35');
-
-INSERT INTO schema_migrations (version) VALUES ('36');
-
-INSERT INTO schema_migrations (version) VALUES ('37');
-
-INSERT INTO schema_migrations (version) VALUES ('38');
-
-INSERT INTO schema_migrations (version) VALUES ('39');
-
-INSERT INTO schema_migrations (version) VALUES ('4');
-
-INSERT INTO schema_migrations (version) VALUES ('40');
-
-INSERT INTO schema_migrations (version) VALUES ('41');
-
-INSERT INTO schema_migrations (version) VALUES ('42');
-
-INSERT INTO schema_migrations (version) VALUES ('43');
-
-INSERT INTO schema_migrations (version) VALUES ('44');
-
-INSERT INTO schema_migrations (version) VALUES ('45');
-
-INSERT INTO schema_migrations (version) VALUES ('46');
-
-INSERT INTO schema_migrations (version) VALUES ('47');
-
-INSERT INTO schema_migrations (version) VALUES ('48');
-
-INSERT INTO schema_migrations (version) VALUES ('49');
-
-INSERT INTO schema_migrations (version) VALUES ('5');
-
-INSERT INTO schema_migrations (version) VALUES ('50');
-
-INSERT INTO schema_migrations (version) VALUES ('51');
-
-INSERT INTO schema_migrations (version) VALUES ('52');
-
-INSERT INTO schema_migrations (version) VALUES ('53');
-
-INSERT INTO schema_migrations (version) VALUES ('54');
-
-INSERT INTO schema_migrations (version) VALUES ('55');
-
-INSERT INTO schema_migrations (version) VALUES ('56');
-
-INSERT INTO schema_migrations (version) VALUES ('57');
-
-INSERT INTO schema_migrations (version) VALUES ('6');
-
-INSERT INTO schema_migrations (version) VALUES ('7');
-
-INSERT INTO schema_migrations (version) VALUES ('8');
+INSERT INTO "schema_migrations" (version) VALUES
+('1'),
+('10'),
+('11'),
+('12'),
+('13'),
+('14'),
+('15'),
+('16'),
+('17'),
+('18'),
+('19'),
+('2'),
+('20'),
+('20100513171259'),
+('20100516124737'),
+('20100910084426'),
+('20101114011429'),
+('20110322001319'),
+('20110508145337'),
+('20110521142405'),
+('20110925112722'),
+('20111116184519'),
+('20111212183945'),
+('20120123184321'),
+('20120208122334'),
+('20120208194454'),
+('20120214210114'),
+('20120219161649'),
+('20120318201948'),
+('20120328090602'),
+('20120404205604'),
+('20120808231205'),
+('20121005195010'),
+('20121012044047'),
+('20121119165817'),
+('20121202155309'),
+('20121203124841'),
+('20130328184137'),
+('20131212124700'),
+('20140115192822'),
+('20140117185510'),
+('20140210003018'),
+('20140507110937'),
+('20140519141742'),
+('20150110152606'),
+('20150111192335'),
+('20150222101847'),
+('20150818224516'),
+('20161002153425'),
+('20161011010929'),
+('20170222134109'),
+('21'),
+('22'),
+('23'),
+('24'),
+('25'),
+('26'),
+('27'),
+('28'),
+('29'),
+('3'),
+('30'),
+('31'),
+('32'),
+('33'),
+('34'),
+('35'),
+('36'),
+('37'),
+('38'),
+('39'),
+('4'),
+('40'),
+('41'),
+('42'),
+('43'),
+('44'),
+('45'),
+('46'),
+('47'),
+('48'),
+('49'),
+('5'),
+('50'),
+('51'),
+('52'),
+('53'),
+('54'),
+('55'),
+('56'),
+('57'),
+('6'),
+('7'),
+('8'),
+('9');
 
-INSERT INTO schema_migrations (version) VALUES ('9');
 
diff --git a/lib/tasks/testing.rake b/lib/tasks/testing.rake
index ffee7f050..3d933a3aa 100644
--- a/lib/tasks/testing.rake
+++ b/lib/tasks/testing.rake
@@ -1,5 +1,6 @@
 namespace :test do
-  Rails::TestTask.new(lib: "test:prepare") do |t|
-    t.pattern = "test/lib/**/*_test.rb"
+  task "lib" => "test:prepare" do
+    $LOAD_PATH << "test"
+    Minitest.rake_run(["test/lib"])
   end
 end
diff --git a/test/controllers/api_controller_test.rb b/test/controllers/api_controller_test.rb
index b07eb68c9..efcc06307 100644
--- a/test/controllers/api_controller_test.rb
+++ b/test/controllers/api_controller_test.rb
@@ -63,7 +63,7 @@ class ApiControllerTest < ActionController::TestCase
     maxlon = node.lon + 0.1
     maxlat = node.lat + 0.1
     bbox = "#{minlon},#{minlat},#{maxlon},#{maxlat}"
-    get :map, :bbox => bbox
+    get :map, :params => { :bbox => bbox }
     if $VERBOSE
       print @request.to_yaml
       print @response.body
@@ -93,7 +93,7 @@ class ApiControllerTest < ActionController::TestCase
     relation = create(:relation_member, :member => node).relation
 
     bbox = "#{node.lon},#{node.lat},#{node.lon},#{node.lat}"
-    get :map, :bbox => bbox
+    get :map, :params => { :bbox => bbox }
     assert_response :success, "The map call should have succeeded"
     assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
       assert_select "bounds[minlon='#{node.lon}'][minlat='#{node.lat}'][maxlon='#{node.lon}'][maxlat='#{node.lat}']", :count => 1
@@ -121,7 +121,7 @@ class ApiControllerTest < ActionController::TestCase
     relation = create(:relation_member, :member => way1).relation
 
     bbox = "#{node.lon},#{node.lat},#{node.lon},#{node.lat}"
-    get :map, :bbox => bbox
+    get :map, :params => { :bbox => bbox }
     assert_response :success, "The map call should have succeeded"
     assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
       assert_select "bounds[minlon='#{node.lon}'][minlat='#{node.lat}'][maxlon='#{node.lon}'][maxlat='#{node.lat}']", :count => 1
@@ -138,7 +138,7 @@ class ApiControllerTest < ActionController::TestCase
   end
 
   def test_map_empty
-    get :map, :bbox => "179.998,89.998,179.999.1,89.999"
+    get :map, :params => { :bbox => "179.998,89.998,179.999.1,89.999" }
     assert_response :success, "The map call should have succeeded"
     assert_select "osm[version='#{API_VERSION}'][generator='#{GENERATOR}']", :count => 1 do
       assert_select "bounds[minlon='179.9980000'][minlat='89.9980000'][maxlon='179.9990000'][maxlat='89.9990000']", :count => 1
@@ -157,7 +157,7 @@ class ApiControllerTest < ActionController::TestCase
     maxlon = point.longitude + 0.001
     maxlat = point.latitude + 0.001
     bbox = "#{minlon},#{minlat},#{maxlon},#{maxlat}"
-    get :trackpoints, :bbox => bbox
+    get :trackpoints, :params => { :bbox => bbox }
     assert_response :success
     assert_select "gpx[version='1.0'][creator='OpenStreetMap.org']", :count => 1 do
       assert_select "trk" do
@@ -176,7 +176,7 @@ class ApiControllerTest < ActionController::TestCase
     maxlon = point.longitude + 0.002
     maxlat = point.latitude + 0.002
     bbox = "#{minlon},#{minlat},#{maxlon},#{maxlat}"
-    get :trackpoints, :bbox => bbox
+    get :trackpoints, :params => { :bbox => bbox }
     assert_response :success
     assert_select "gpx[version='1.0'][creator='OpenStreetMap.org']", :count => 1 do
       assert_select "trk", :count => 1 do
@@ -200,7 +200,7 @@ class ApiControllerTest < ActionController::TestCase
     maxlon = point.longitude + 0.002
     maxlat = point.latitude + 0.002
     bbox = "#{minlon},#{minlat},#{maxlon},#{maxlat}"
-    get :trackpoints, :bbox => bbox
+    get :trackpoints, :params => { :bbox => bbox }
     assert_response :success
     assert_select "gpx[version='1.0'][creator='OpenStreetMap.org']", :count => 1 do
       assert_select "trk", :count => 1 do
@@ -226,12 +226,12 @@ class ApiControllerTest < ActionController::TestCase
 
   def test_traces_page_less_than_0
     -10.upto(-1) do |i|
-      get :trackpoints, :page => i, :bbox => "-0.1,-0.1,0.1,0.1"
+      get :trackpoints, :params => { :page => i, :bbox => "-0.1,-0.1,0.1,0.1" }
       assert_response :bad_request
       assert_equal "Page number must be greater than or equal to 0", @response.body, "The page number was #{i}"
     end
     0.upto(10) do |i|
-      get :trackpoints, :page => i, :bbox => "-0.1,-0.1,0.1,0.1"
+      get :trackpoints, :params => { :page => i, :bbox => "-0.1,-0.1,0.1,0.1" }
       assert_response :success, "The page number was #{i} and should have been accepted"
     end
   end
@@ -239,7 +239,7 @@ class ApiControllerTest < ActionController::TestCase
   def test_bbox_too_big
     @badbigbbox.each do |bbox|
       %w[trackpoints map].each do |tq|
-        get tq, :bbox => bbox
+        get tq, :params => { :bbox => bbox }
         assert_response :bad_request, "The bbox:#{bbox} was expected to be too big"
         assert_equal "The maximum bbox size is #{MAX_REQUEST_AREA}, and your request was too large. Either request a smaller area, or use planet.osm", @response.body, "bbox: #{bbox}"
       end
@@ -249,7 +249,7 @@ class ApiControllerTest < ActionController::TestCase
   def test_bbox_malformed
     @badmalformedbbox.each do |bbox|
       %w[trackpoints map].each do |tq|
-        get tq, :bbox => bbox
+        get tq, :params => { :bbox => bbox }
         assert_response :bad_request, "The bbox:#{bbox} was expected to be malformed"
         assert_equal "The parameter bbox is required, and must be of the form min_lon,min_lat,max_lon,max_lat", @response.body, "bbox: #{bbox}"
       end
@@ -259,7 +259,7 @@ class ApiControllerTest < ActionController::TestCase
   def test_bbox_lon_mixedup
     @badlonmixedbbox.each do |bbox|
       %w[trackpoints map].each do |tq|
-        get tq, :bbox => bbox
+        get tq, :params => { :bbox => bbox }
         assert_response :bad_request, "The bbox:#{bbox} was expected to have the longitude mixed up"
         assert_equal "The minimum longitude must be less than the maximum longitude, but it wasn't", @response.body, "bbox: #{bbox}"
       end
@@ -269,7 +269,7 @@ class ApiControllerTest < ActionController::TestCase
   def test_bbox_lat_mixedup
     @badlatmixedbbox.each do |bbox|
       %w[trackpoints map].each do |tq|
-        get tq, :bbox => bbox
+        get tq, :params => { :bbox => bbox }
         assert_response :bad_request, "The bbox:#{bbox} was expected to have the latitude mixed up"
         assert_equal "The minimum latitude must be less than the maximum latitude, but it wasn't", @response.body, "bbox: #{bbox}"
       end
@@ -335,7 +335,7 @@ class ApiControllerTest < ActionController::TestCase
   def test_changes_zoom_invalid
     zoom_to_test = %w[p -1 0 17 one two]
     zoom_to_test.each do |zoom|
-      get :changes, :zoom => zoom
+      get :changes, :params => { :zoom => zoom }
       assert_response :bad_request
       assert_equal @response.body, "Requested zoom is invalid, or the supplied start is after the end time, or the start duration is more than 24 hours"
     end
@@ -343,7 +343,7 @@ class ApiControllerTest < ActionController::TestCase
 
   def test_changes_zoom_valid
     1.upto(16) do |zoom|
-      get :changes, :zoom => zoom
+      get :changes, :params => { :zoom => zoom }
       assert_response :success
       # NOTE: there was a test here for the timing, but it was too sensitive to be a good test
       # and it was annoying.
@@ -356,7 +356,7 @@ class ApiControllerTest < ActionController::TestCase
   def test_changes_hours_invalid
     invalid = %w[-21 335 -1 0 25 26 100 one two three ping pong :]
     invalid.each do |hour|
-      get :changes, :hours => hour
+      get :changes, :params => { :hours => hour }
       assert_response :bad_request, "Problem with the hour: #{hour}"
       assert_equal @response.body, "Requested zoom is invalid, or the supplied start is after the end time, or the start duration is more than 24 hours", "Problem with the hour: #{hour}."
     end
@@ -364,19 +364,19 @@ class ApiControllerTest < ActionController::TestCase
 
   def test_changes_hours_valid
     1.upto(24) do |hour|
-      get :changes, :hours => hour
+      get :changes, :params => { :hours => hour }
       assert_response :success
     end
   end
 
   def test_changes_start_end_invalid
-    get :changes, :start => "2010-04-03 10:55:00", :end => "2010-04-03 09:55:00"
+    get :changes, :params => { :start => "2010-04-03 10:55:00", :end => "2010-04-03 09:55:00" }
     assert_response :bad_request
     assert_equal @response.body, "Requested zoom is invalid, or the supplied start is after the end time, or the start duration is more than 24 hours"
   end
 
   def test_changes_start_end_valid
-    get :changes, :start => "2010-04-03 09:55:00", :end => "2010-04-03 10:55:00"
+    get :changes, :params => { :start => "2010-04-03 09:55:00", :end => "2010-04-03 10:55:00" }
     assert_response :success
   end
 
diff --git a/test/controllers/browse_controller_test.rb b/test/controllers/browse_controller_test.rb
index abb1ccdfe..68345c6b6 100644
--- a/test/controllers/browse_controller_test.rb
+++ b/test/controllers/browse_controller_test.rb
@@ -97,12 +97,12 @@ class BrowseControllerTest < ActionController::TestCase
   def test_read_hidden_note
     hidden_note_with_comment = create(:note_with_comments, :status => "hidden")
 
-    get :note, :id => hidden_note_with_comment.id
+    get :note, :params => { :id => hidden_note_with_comment.id }
     assert_response :not_found
     assert_template "browse/not_found"
     assert_template :layout => "map"
 
-    xhr :get, :note, :id => hidden_note_with_comment.id
+    get :note, :params => { :id => hidden_note_with_comment.id }, :xhr => true
     assert_response :not_found
     assert_template "browse/not_found"
     assert_template :layout => "xhr"
@@ -139,7 +139,7 @@ class BrowseControllerTest < ActionController::TestCase
     node_v1 = node.old_nodes.find_by(:version => 1)
     node_v1.redact!(create(:redaction))
 
-    get :node, :id => node.id
+    get :node, :params => { :id => node.id }
     assert_response :success
     assert_template "feature"
 
@@ -155,7 +155,7 @@ class BrowseControllerTest < ActionController::TestCase
     node_v1 = node.old_nodes.find_by(:version => 1)
     node_v1.redact!(create(:redaction))
 
-    get :node_history, :id => node.id
+    get :node_history, :params => { :id => node.id }
     assert_response :success
     assert_template "browse/history"
 
@@ -175,7 +175,7 @@ class BrowseControllerTest < ActionController::TestCase
     way_v3 = way.old_ways.find_by(:version => 3)
     way_v3.redact!(create(:redaction))
 
-    get :way_history, :id => way.id
+    get :way_history, :params => { :id => way.id }
     assert_response :success
     assert_template "browse/history"
 
@@ -193,7 +193,7 @@ class BrowseControllerTest < ActionController::TestCase
     relation_v3 = relation.old_relations.find_by(:version => 3)
     relation_v3.redact!(create(:redaction))
 
-    get :relation_history, :id => relation.id
+    get :relation_history, :params => { :id => relation.id }
     assert_response :success
     assert_template "browse/history"
 
@@ -216,25 +216,25 @@ class BrowseControllerTest < ActionController::TestCase
     end
 
     assert_raise ActionController::UrlGenerationError do
-      get type, :id => -10 # we won't have an id that's negative
+      get type, :params => { :id => -10 } # we won't have an id that's negative
     end
 
-    get type, :id => 0
+    get type, :params => { :id => 0 }
     assert_response :not_found
     assert_template "browse/not_found"
     assert_template :layout => "map"
 
-    xhr :get, type, :id => 0
+    get type, :params => { :id => 0 }, :xhr => true
     assert_response :not_found
     assert_template "browse/not_found"
     assert_template :layout => "xhr"
 
-    get type, :id => id
+    get type, :params => { :id => id }
     assert_response :success
     assert_template template
     assert_template :layout => "map"
 
-    xhr :get, type, :id => id
+    get type, :params => { :id => id }, :xhr => true
     assert_response :success
     assert_template template
     assert_template :layout => "xhr"
diff --git a/test/controllers/changeset_controller_test.rb b/test/controllers/changeset_controller_test.rb
index abdd4cdaa..f1b029b39 100644
--- a/test/controllers/changeset_controller_test.rb
+++ b/test/controllers/changeset_controller_test.rb
@@ -178,14 +178,14 @@ class ChangesetControllerTest < ActionController::TestCase
   def test_read
     changeset_id = create(:changeset).id
 
-    get :read, :id => changeset_id
+    get :read, :params => { :id => changeset_id }
     assert_response :success, "cannot get first changeset"
 
     assert_select "osm[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1
     assert_select "osm>changeset[id='#{changeset_id}']", 1
     assert_select "osm>changeset>discussion", 0
 
-    get :read, :id => changeset_id, :include_discussion => true
+    get :read, :params => { :id => changeset_id, :include_discussion => true }
     assert_response :success, "cannot get first changeset with comments"
 
     assert_select "osm[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1
@@ -196,7 +196,7 @@ class ChangesetControllerTest < ActionController::TestCase
     changeset_id = create(:changeset, :closed).id
     create_list(:changeset_comment, 3, :changeset_id => changeset_id)
 
-    get :read, :id => changeset_id, :include_discussion => true
+    get :read, :params => { :id => changeset_id, :include_discussion => true }
     assert_response :success, "cannot get closed changeset with comments"
 
     assert_select "osm[version='#{API_VERSION}'][generator='OpenStreetMap server']", 1
@@ -210,7 +210,7 @@ class ChangesetControllerTest < ActionController::TestCase
   def test_read_not_found
     [0, -32, 233455644, "afg", "213"].each do |id|
       begin
-        get :read, :id => id
+        get :read, :params => { :id => id }
         assert_response :not_found, "should get a not found"
       rescue ActionController::UrlGenerationError => ex
         assert_match /No route matches/, ex.to_s
@@ -227,19 +227,19 @@ class ChangesetControllerTest < ActionController::TestCase
     changeset = create(:changeset, :user => user)
 
     ## Try without authentication
-    put :close, :id => changeset.id
+    put :close, :params => { :id => changeset.id }
     assert_response :unauthorized
 
     ## Try using the non-public user
     basic_authorization private_user.email, "test"
-    put :close, :id => private_changeset.id
+    put :close, :params => { :id => private_changeset.id }
     assert_require_public_data
 
     ## The try with the public user
     basic_authorization user.email, "test"
 
     cs_id = changeset.id
-    put :close, :id => cs_id
+    put :close, :params => { :id => cs_id }
     assert_response :success
 
     # test that it really is closed now
@@ -256,7 +256,7 @@ class ChangesetControllerTest < ActionController::TestCase
 
     basic_authorization user.email, "test"
 
-    put :close, :id => changeset.id
+    put :close, :params => { :id => changeset.id }
     assert_response :conflict
     assert_equal "The user doesn't own that changeset", @response.body
   end
@@ -269,10 +269,10 @@ class ChangesetControllerTest < ActionController::TestCase
 
     basic_authorization user.email, "test"
 
-    get :close, :id => changeset.id
+    get :close, :params => { :id => changeset.id }
     assert_response :method_not_allowed
 
-    post :close, :id => changeset.id
+    post :close, :params => { :id => changeset.id }
     assert_response :method_not_allowed
   end
 
@@ -284,7 +284,7 @@ class ChangesetControllerTest < ActionController::TestCase
     # First try to do it with no auth
     cs_ids.each do |id|
       begin
-        put :close, :id => id
+        put :close, :params => { :id => id }
         assert_response :unauthorized, "Shouldn't be able close the non-existant changeset #{id}, when not authorized"
       rescue ActionController::UrlGenerationError => ex
         assert_match /No route matches/, ex.to_s
@@ -295,7 +295,7 @@ class ChangesetControllerTest < ActionController::TestCase
     basic_authorization create(:user).email, "test"
     cs_ids.each do |id|
       begin
-        put :close, :id => id
+        put :close, :params => { :id => id }
         assert_response :not_found, "The changeset #{id} doesn't exist, so can't be closed"
       rescue ActionController::UrlGenerationError => ex
         assert_match /No route matches/, ex.to_s
@@ -347,7 +347,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :unauthorized,
                     "shouldn't be able to upload a simple valid diff to changeset: #{@response.body}"
 
@@ -377,7 +377,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :forbidden,
                     "can't upload a simple valid diff to changeset: #{@response.body}"
 
@@ -407,7 +407,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "can't upload a simple valid diff to changeset: #{@response.body}"
 
@@ -452,7 +452,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload a simple valid creation to changeset: #{@response.body}"
 
@@ -517,7 +517,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload a deletion diff to changeset: #{@response.body}"
 
@@ -545,7 +545,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload a deletion diff to changeset: #{@response.body}"
 
@@ -610,7 +610,7 @@ EOF
     # upload it, which used to cause an error like "PGError: ERROR:
     # integer out of range" (bug #2152). but shouldn't any more.
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "can't upload a spatially-large diff to changeset: #{@response.body}"
 
@@ -653,7 +653,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :precondition_failed,
                     "shouldn't be able to upload a invalid deletion diff: #{@response.body}"
     assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body
@@ -697,7 +697,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't do a conditional delete of in use objects: #{@response.body}"
 
@@ -751,7 +751,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shoudln't be able to upload too long a tag to changeset: #{@response.body}"
   end
@@ -794,7 +794,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload a complex diff to changeset: #{@response.body}"
 
@@ -858,7 +858,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :conflict,
                     "uploading a diff with multiple changesets should have failed"
 
@@ -895,7 +895,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload multiple versions of an element in a diff: #{@response.body}"
 
@@ -925,7 +925,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :conflict,
                     "shouldn't be able to upload the same element twice in a diff: #{@response.body}"
   end
@@ -947,7 +947,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shouldn't be able to upload an element without version: #{@response.body}"
   end
@@ -967,7 +967,7 @@ EOF
       </osmChange>
 EOF
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request, "Shouldn't be able to upload a diff with the action ping"
     assert_equal @response.body, "Unknown action ping, choices are create, modify, delete"
   end
@@ -1001,7 +1001,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload a valid diff with whitespace variations to changeset: #{@response.body}"
 
@@ -1039,7 +1039,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "can't upload a valid diff with re-used placeholders to changeset: #{@response.body}"
 
@@ -1068,7 +1068,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shouldn't be able to re-use placeholder IDs"
   end
@@ -1100,7 +1100,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shouldn't be able to use invalid placeholder IDs"
     assert_equal "Placeholder node not found for reference -4 in way -1", @response.body
@@ -1124,7 +1124,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shouldn't be able to use invalid placeholder IDs"
     assert_equal "Placeholder node not found for reference -4 in way #{way.id}", @response.body
@@ -1157,7 +1157,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shouldn't be able to use invalid placeholder IDs"
     assert_equal "Placeholder Node not found for reference -4 in relation -1.", @response.body
@@ -1181,7 +1181,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :bad_request,
                     "shouldn't be able to use invalid placeholder IDs"
     assert_equal "Placeholder Way not found for reference -1 in relation #{relation.id}.", @response.body
@@ -1214,7 +1214,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "diff should have uploaded OK"
 
@@ -1254,7 +1254,7 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "diff should have uploaded OK"
 
@@ -1279,7 +1279,7 @@ EOF
      "<osmChange><modify></modify></osmChange>"].each do |diff|
       # upload it
       content diff
-      post :upload, :id => changeset.id
+      post :upload, :params => { :id => changeset.id }
       assert_response(:success, "should be able to upload " +
                       "empty changeset: " + diff)
     end
@@ -1304,7 +1304,7 @@ EOF
     # upload it
     content diff
     error_format "xml"
-    post :upload, :id => changeset.id
+    post :upload, :params => { :id => changeset.id }
     assert_response :success,
                     "failed to return error in XML format"
 
@@ -1359,11 +1359,11 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "can't upload multiple versions of an element in a diff: #{@response.body}"
 
-    get :download, :id => changeset_id
+    get :download, :params => { :id => changeset_id }
     assert_response :success
 
     assert_select "osmChange", 1
@@ -1418,11 +1418,11 @@ OSMFILE
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "can't upload a diff from JOSM: #{@response.body}"
 
-    get :download, :id => changeset_id
+    get :download, :params => { :id => changeset_id }
     assert_response :success
 
     assert_select "osmChange", 1
@@ -1474,11 +1474,11 @@ EOF
 
     # upload it
     content diff
-    post :upload, :id => changeset_id
+    post :upload, :params => { :id => changeset_id }
     assert_response :success,
                     "can't upload multiple versions of an element in a diff: #{@response.body}"
 
-    get :download, :id => changeset_id
+    get :download, :params => { :id => changeset_id }
     assert_response :success
 
     assert_select "osmChange", 1
@@ -1500,7 +1500,7 @@ EOF
     _relation = create(:relation, :with_history, :version => 1, :changeset => changeset)
     _relation2 = create(:relation, :with_history, :deleted, :version => 1, :changeset => changeset)
 
-    get :download, :id => changeset.id
+    get :download, :params => { :id => changeset.id }
 
     assert_response :success
     assert_template nil
@@ -1538,7 +1538,7 @@ EOF
     end
 
     # get the bounding box back from the changeset
-    get :read, :id => changeset_id
+    get :read, :params => { :id => changeset_id }
     assert_response :success, "Couldn't read back changeset."
     assert_select "osm>changeset[min_lon='1.0000000']", 1
     assert_select "osm>changeset[max_lon='1.0000000']", 1
@@ -1553,7 +1553,7 @@ EOF
     end
 
     # get the bounding box back from the changeset
-    get :read, :id => changeset_id
+    get :read, :params => { :id => changeset_id }
     assert_response :success, "Couldn't read back changeset for the second time."
     assert_select "osm>changeset[min_lon='1.0000000']", 1
     assert_select "osm>changeset[max_lon='2.0000000']", 1
@@ -1563,12 +1563,12 @@ EOF
     # add (delete) a way to it, which contains a point at (3,3)
     with_controller(WayController.new) do
       content update_changeset(way.to_xml, changeset_id)
-      put :delete, :id => way.id
+      put :delete, :params => { :id => way.id }
       assert_response :success, "Couldn't delete a way."
     end
 
     # get the bounding box back from the changeset
-    get :read, :id => changeset_id
+    get :read, :params => { :id => changeset_id }
     assert_response :success, "Couldn't read back changeset for the third time."
     # note that the 3.1 here is because of the bbox overexpansion
     assert_select "osm>changeset[min_lon='1.0000000']", 1
@@ -1615,17 +1615,17 @@ EOF
 
     # Try and put
     content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
-    put :expand_bbox, :id => changeset_id
+    put :expand_bbox, :params => { :id => changeset_id }
     assert_response :method_not_allowed, "shouldn't be able to put a bbox expand"
 
     # Try to get the update
     content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
-    get :expand_bbox, :id => changeset_id
+    get :expand_bbox, :params => { :id => changeset_id }
     assert_response :method_not_allowed, "shouldn't be able to get a bbox expand"
 
     # Try to use a hopefully missing changeset
     content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
-    post :expand_bbox, :id => changeset_id + 13245
+    post :expand_bbox, :params => { :id => changeset_id + 13245 }
     assert_response :not_found, "shouldn't be able to do a bbox expand on a nonexistant changeset"
   end
 
@@ -1641,77 +1641,78 @@ EOF
     changeset2 = create(:changeset, :min_lat => 5 * GeoRecord::SCALE, :min_lon => 5 * GeoRecord::SCALE, :max_lat => 15 * GeoRecord::SCALE, :max_lon => 15 * GeoRecord::SCALE)
     changeset3 = create(:changeset, :min_lat => 4.5 * GeoRecord::SCALE, :min_lon => 4.5 * GeoRecord::SCALE, :max_lat => 5 * GeoRecord::SCALE, :max_lon => 5 * GeoRecord::SCALE)
 
-    get :query, :bbox => "-10,-10, 10, 10"
+    get :query, :params => { :bbox => "-10,-10, 10, 10" }
     assert_response :success, "can't get changesets in bbox"
     assert_changesets [changeset2, changeset3]
 
-    get :query, :bbox => "4.5,4.5,4.6,4.6"
+    get :query, :params => { :bbox => "4.5,4.5,4.6,4.6" }
     assert_response :success, "can't get changesets in bbox"
     assert_changesets [changeset3]
 
     # not found when looking for changesets of non-existing users
-    get :query, :user => User.maximum(:id) + 1
+    get :query, :params => { :user => User.maximum(:id) + 1 }
     assert_response :not_found
-    get :query, :display_name => " "
+    get :query, :params => { :display_name => " " }
     assert_response :not_found
 
     # can't get changesets of user 1 without authenticating
-    get :query, :user => private_user.id
+    get :query, :params => { :user => private_user.id }
     assert_response :not_found, "shouldn't be able to get changesets by non-public user (ID)"
-    get :query, :display_name => private_user.display_name
+    get :query, :params => { :display_name => private_user.display_name }
     assert_response :not_found, "shouldn't be able to get changesets by non-public user (name)"
 
     # but this should work
     basic_authorization private_user.email, "test"
-    get :query, :user => private_user.id
+    get :query, :params => { :user => private_user.id }
     assert_response :success, "can't get changesets by user ID"
     assert_changesets [private_user_changeset, private_user_closed_changeset]
 
-    get :query, :display_name => private_user.display_name
+    get :query, :params => { :display_name => private_user.display_name }
     assert_response :success, "can't get changesets by user name"
     assert_changesets [private_user_changeset, private_user_closed_changeset]
 
     # check that the correct error is given when we provide both UID and name
-    get :query, :user => private_user.id, :display_name => private_user.display_name
+    get :query, :params => { :user => private_user.id,
+                             :display_name => private_user.display_name }
     assert_response :bad_request, "should be a bad request to have both ID and name specified"
 
-    get :query, :user => private_user.id, :open => true
+    get :query, :params => { :user => private_user.id, :open => true }
     assert_response :success, "can't get changesets by user and open"
     assert_changesets [private_user_changeset]
 
-    get :query, :time => "2007-12-31"
+    get :query, :params => { :time => "2007-12-31" }
     assert_response :success, "can't get changesets by time-since"
     assert_changesets [private_user_changeset, private_user_closed_changeset, changeset, closed_changeset, changeset2, changeset3]
 
-    get :query, :time => "2008-01-01T12:34Z"
+    get :query, :params => { :time => "2008-01-01T12:34Z" }
     assert_response :success, "can't get changesets by time-since with hour"
     assert_changesets [private_user_changeset, private_user_closed_changeset, changeset, closed_changeset, changeset2, changeset3]
 
-    get :query, :time => "2007-12-31T23:59Z,2008-01-02T00:01Z"
+    get :query, :params => { :time => "2007-12-31T23:59Z,2008-01-02T00:01Z" }
     assert_response :success, "can't get changesets by time-range"
     assert_changesets [closed_changeset]
 
-    get :query, :open => "true"
+    get :query, :params => { :open => "true" }
     assert_response :success, "can't get changesets by open-ness"
     assert_changesets [private_user_changeset, changeset, changeset2, changeset3]
 
-    get :query, :closed => "true"
+    get :query, :params => { :closed => "true" }
     assert_response :success, "can't get changesets by closed-ness"
     assert_changesets [private_user_closed_changeset, closed_changeset]
 
-    get :query, :closed => "true", :user => private_user.id
+    get :query, :params => { :closed => "true", :user => private_user.id }
     assert_response :success, "can't get changesets by closed-ness and user"
     assert_changesets [private_user_closed_changeset]
 
-    get :query, :closed => "true", :user => user.id
+    get :query, :params => { :closed => "true", :user => user.id }
     assert_response :success, "can't get changesets by closed-ness and user"
     assert_changesets [closed_changeset]
 
-    get :query, :changesets => "#{private_user_changeset.id},#{changeset.id},#{closed_changeset.id}"
+    get :query, :params => { :changesets => "#{private_user_changeset.id},#{changeset.id},#{closed_changeset.id}" }
     assert_response :success, "can't get changesets by id (as comma-separated string)"
     assert_changesets [private_user_changeset, changeset, closed_changeset]
 
-    get :query, :changesets => ""
+    get :query, :params => { :changesets => "" }
     assert_response :bad_request, "should be a bad request since changesets is empty"
   end
 
@@ -1722,7 +1723,7 @@ EOF
     ["abracadabra!",
      "1,2,3,F",
      ";drop table users;"].each do |bbox|
-      get :query, :bbox => bbox
+      get :query, :params => { :bbox => bbox }
       assert_response :bad_request, "'#{bbox}' isn't a bbox"
     end
 
@@ -1731,7 +1732,7 @@ EOF
      ";drop table users;",
      ",",
      "-,-"].each do |time|
-      get :query, :time => time
+      get :query, :params => { :time => time }
       assert_response :bad_request, "'#{time}' isn't a valid time range"
     end
 
@@ -1739,7 +1740,7 @@ EOF
      "foobar",
      "-1",
      "0"].each do |uid|
-      get :query, :user => uid
+      get :query, :params => { :user => uid }
       assert_response :bad_request, "'#{uid}' isn't a valid user ID"
     end
   end
@@ -1761,17 +1762,17 @@ EOF
     content new_changeset
 
     # try without any authorization
-    put :update, :id => private_changeset.id
+    put :update, :params => { :id => private_changeset.id }
     assert_response :unauthorized
 
     # try with the wrong authorization
     basic_authorization create(:user).email, "test"
-    put :update, :id => private_changeset.id
+    put :update, :params => { :id => private_changeset.id }
     assert_response :conflict
 
     # now this should get an unauthorized
     basic_authorization private_user.email, "test"
-    put :update, :id => private_changeset.id
+    put :update, :params => { :id => private_changeset.id }
     assert_require_public_data "user with their data non-public, shouldn't be able to edit their changeset"
 
     ## Now try with the public user
@@ -1785,17 +1786,17 @@ EOF
 
     # try without any authorization
     @request.env["HTTP_AUTHORIZATION"] = nil
-    put :update, :id => changeset.id
+    put :update, :params => { :id => changeset.id }
     assert_response :unauthorized
 
     # try with the wrong authorization
     basic_authorization create(:user).email, "test"
-    put :update, :id => changeset.id
+    put :update, :params => { :id => changeset.id }
     assert_response :conflict
 
     # now this should work...
     basic_authorization user.email, "test"
-    put :update, :id => changeset.id
+    put :update, :params => { :id => changeset.id }
     assert_response :success
 
     assert_select "osm>changeset[id='#{changeset.id}']", 1
@@ -1817,7 +1818,7 @@ EOF
     new_changeset.find("//osm/changeset").first << new_tag
 
     content new_changeset
-    put :update, :id => changeset.id
+    put :update, :params => { :id => changeset.id }
     assert_response :conflict
   end
 
@@ -1848,7 +1849,7 @@ EOF
       assert_response :success, "can't create a new node"
       node_id = @response.body.to_i
 
-      get :read, :id => node_id
+      get :read, :params => { :id => node_id }
       assert_response :success, "can't read back new node"
       node_doc = XML::Parser.string(@response.body).parse
       node_xml = node_doc.find("//osm/node").first
@@ -1860,7 +1861,7 @@ EOF
         node_xml["version"] = (i + 1).to_s
 
         content node_doc
-        put :update, :id => node_id
+        put :update, :params => { :id => node_id }
         assert_response :success, "attempt #{i} should have succeeded"
       end
 
@@ -1870,7 +1871,7 @@ EOF
       node_xml["version"] = offset.to_s
 
       content node_doc
-      put :update, :id => node_id
+      put :update, :params => { :id => node_id }
       assert_response :conflict, "final attempt should have failed"
     end
 
@@ -1886,13 +1887,13 @@ EOF
   ##
   # This should display the last 20 changesets closed
   def test_list
-    get :list, :format => "html"
+    get :list, :params => { :format => "html" }
     assert_response :success
     assert_template "history"
     assert_template :layout => "map"
     assert_select "h2", :text => "Changesets", :count => 1
 
-    xhr :get, :list, :format => "html", :list => "1"
+    get :list, :params => { :format => "html", :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -1902,13 +1903,13 @@ EOF
   ##
   # This should display the last 20 changesets closed
   def test_list_xhr
-    xhr :get, :list, :format => "html"
+    get :list, :params => { :format => "html" }, :xhr => true
     assert_response :success
     assert_template "history"
     assert_template :layout => "xhr"
     assert_select "h2", :text => "Changesets", :count => 1
 
-    xhr :get, :list, :format => "html", :list => "1"
+    get :list, :params => { :format => "html", :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -1918,13 +1919,13 @@ EOF
   ##
   # This should display the last 20 changesets closed in a specific area
   def test_list_bbox
-    get :list, :format => "html", :bbox => "4.5,4.5,5.5,5.5"
+    get :list, :params => { :format => "html", :bbox => "4.5,4.5,5.5,5.5" }
     assert_response :success
     assert_template "history"
     assert_template :layout => "map"
     assert_select "h2", :text => "Changesets", :count => 1
 
-    xhr :get, :list, :format => "html", :bbox => "4.5,4.5,5.5,5.5", :list => "1"
+    get :list, :params => { :format => "html", :bbox => "4.5,4.5,5.5,5.5", :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -1938,11 +1939,11 @@ EOF
     create(:changeset, :user => user)
     create(:changeset, :closed, :user => user)
 
-    get :list, :format => "html", :display_name => user.display_name
+    get :list, :params => { :format => "html", :display_name => user.display_name }
     assert_response :success
     assert_template "history"
 
-    xhr :get, :list, :format => "html", :display_name => user.display_name, :list => "1"
+    get :list, :params => { :format => "html", :display_name => user.display_name, :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -1956,11 +1957,11 @@ EOF
     create(:changeset, :user => private_user)
     create(:changeset, :closed, :user => private_user)
 
-    get :list, :format => "html", :display_name => private_user.display_name
+    get :list, :params => { :format => "html", :display_name => private_user.display_name }
     assert_response :success
     assert_template "history"
 
-    xhr :get, :list, :format => "html", :display_name => private_user.display_name, :list => "1"
+    get :list, :params => { :format => "html", :display_name => private_user.display_name, :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -1970,11 +1971,11 @@ EOF
   ##
   # Check the not found of the list user changesets
   def test_list_user_not_found
-    get :list, :format => "html", :display_name => "Some random user"
+    get :list, :params => { :format => "html", :display_name => "Some random user" }
     assert_response :not_found
     assert_template "user/no_such_user"
 
-    xhr :get, :list, :format => "html", :display_name => "Some random user", :list => "1"
+    get :list, :params => { :format => "html", :display_name => "Some random user", :list => "1" }, :xhr => true
     assert_response :not_found
     assert_template "user/no_such_user"
   end
@@ -1986,17 +1987,17 @@ EOF
     friend = create(:friend, :befriender => private_user)
     create(:changeset, :user => friend.befriendee)
 
-    get :list, :friends => true
+    get :list, :params => { :friends => true }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => friend_changesets_path
 
     session[:user] = private_user.id
 
-    get :list, :friends => true
+    get :list, :params => { :friends => true }
     assert_response :success
     assert_template "history"
 
-    xhr :get, :list, :friends => true, :list => "1"
+    get :list, :params => { :friends => true, :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -2010,17 +2011,17 @@ EOF
     user = create(:user, :home_lat => 51.0, :home_lon => 1.0)
     create(:changeset, :user => user)
 
-    get :list, :nearby => true
+    get :list, :params => { :nearby => true }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => nearby_changesets_path
 
     session[:user] = private_user.id
 
-    get :list, :nearby => true
+    get :list, :params => { :nearby => true }
     assert_response :success
     assert_template "history"
 
-    xhr :get, :list, :nearby => true, :list => "1"
+    get :list, :params => { :nearby => true, :list => "1" }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -2030,13 +2031,13 @@ EOF
   ##
   # Check that we can't request later pages of the changesets list
   def test_list_max_id
-    xhr :get, :list, :format => "html", :max_id => 4
+    get :list, :params => { :format => "html", :max_id => 4 }, :xhr => true
     assert_response :success
     assert_template "history"
     assert_template :layout => "xhr"
     assert_select "h2", :text => "Changesets", :count => 1
 
-    xhr :get, :list, :format => "html", :list => "1", :max_id => 4
+    get :list, :params => { :format => "html", :list => "1", :max_id => 4 }, :xhr => true
     assert_response :success
     assert_template "list"
 
@@ -2050,7 +2051,7 @@ EOF
     closed_changeset = create(:changeset, :closed, :num_changes => 1)
     _empty_changeset = create(:changeset, :num_changes => 0)
 
-    get :feed, :format => :atom
+    get :feed, :params => { :format => :atom }
     assert_response :success
     assert_template "list"
     assert_equal "application/atom+xml", response.content_type
@@ -2066,7 +2067,7 @@ EOF
     _elsewhere_changeset = create(:changeset, :num_changes => 1, :min_lat => -5 * GeoRecord::SCALE, :min_lon => -5 * GeoRecord::SCALE, :max_lat => -5 * GeoRecord::SCALE, :max_lon => -5 * GeoRecord::SCALE)
     _empty_changeset = create(:changeset, :num_changes => 0, :min_lat => -5 * GeoRecord::SCALE, :min_lon => -5 * GeoRecord::SCALE, :max_lat => -5 * GeoRecord::SCALE, :max_lon => -5 * GeoRecord::SCALE)
 
-    get :feed, :format => :atom, :bbox => "4.5,4.5,5.5,5.5"
+    get :feed, :params => { :format => :atom, :bbox => "4.5,4.5,5.5,5.5" }
     assert_response :success
     assert_template "list"
     assert_equal "application/atom+xml", response.content_type
@@ -2081,7 +2082,8 @@ EOF
     changesets = create_list(:changeset, 3, :user => user, :num_changes => 4)
     _other_changeset = create(:changeset)
 
-    get :feed, :format => :atom, :display_name => user.display_name
+    get :feed, :params => { :format => :atom, :display_name => user.display_name }
+
     assert_response :success
     assert_template "list"
     assert_equal "application/atom+xml", response.content_type
@@ -2092,14 +2094,14 @@ EOF
   ##
   # Check the not found of the user changesets feed
   def test_feed_user_not_found
-    get :feed, :format => "atom", :display_name => "Some random user"
+    get :feed, :params => { :format => "atom", :display_name => "Some random user" }
     assert_response :not_found
   end
 
   ##
   # Check that we can't request later pages of the changesets feed
   def test_feed_max_id
-    get :feed, :format => "atom", :max_id => 100
+    get :feed, :params => { :format => "atom", :max_id => 100 }
     assert_response :redirect
     assert_redirected_to :action => :feed
   end
@@ -2113,7 +2115,7 @@ EOF
     node_v1 = node.old_nodes.find_by(:version => 1)
     node_v1.redact!(create(:redaction))
 
-    get :download, :id => changeset.id
+    get :download, :params => { :id => changeset.id }
     assert_response :success
 
     assert_select "osmChange", 1
@@ -2137,7 +2139,7 @@ EOF
 
     assert_difference "ChangesetComment.count", 1 do
       assert_no_difference "ActionMailer::Base.deliveries.size" do
-        post :comment, :id => private_user_closed_changeset.id, :text => "This is a comment"
+        post :comment, :params => { :id => private_user_closed_changeset.id, :text => "This is a comment" }
       end
     end
     assert_response :success
@@ -2150,7 +2152,7 @@ EOF
 
     assert_difference "ChangesetComment.count", 1 do
       assert_difference "ActionMailer::Base.deliveries.size", 1 do
-        post :comment, :id => changeset.id, :text => "This is a comment"
+        post :comment, :params => { :id => changeset.id, :text => "This is a comment" }
       end
     end
     assert_response :success
@@ -2166,7 +2168,7 @@ EOF
 
     assert_difference "ChangesetComment.count", 1 do
       assert_difference "ActionMailer::Base.deliveries.size", 2 do
-        post :comment, :id => changeset.id, :text => "This is a comment"
+        post :comment, :params => { :id => changeset.id, :text => "This is a comment" }
       end
     end
     assert_response :success
@@ -2188,32 +2190,32 @@ EOF
   # create comment fail
   def test_create_comment_fail
     # unauthorized
-    post :comment, :id => create(:changeset, :closed).id, :text => "This is a comment"
+    post :comment, :params => { :id => create(:changeset, :closed).id, :text => "This is a comment" }
     assert_response :unauthorized
 
     basic_authorization(create(:user).email, "test")
 
     # bad changeset id
     assert_no_difference "ChangesetComment.count" do
-      post :comment, :id => 999111, :text => "This is a comment"
+      post :comment, :params => { :id => 999111, :text => "This is a comment" }
     end
     assert_response :not_found
 
     # not closed changeset
     assert_no_difference "ChangesetComment.count" do
-      post :comment, :id => create(:changeset).id, :text => "This is a comment"
+      post :comment, :params => { :id => create(:changeset).id, :text => "This is a comment" }
     end
     assert_response :conflict
 
     # no text
     assert_no_difference "ChangesetComment.count" do
-      post :comment, :id => create(:changeset, :closed).id
+      post :comment, :params => { :id => create(:changeset, :closed).id }
     end
     assert_response :bad_request
 
     # empty text
     assert_no_difference "ChangesetComment.count" do
-      post :comment, :id => create(:changeset, :closed).id, :text => ""
+      post :comment, :params => { :id => create(:changeset, :closed).id, :text => "" }
     end
     assert_response :bad_request
   end
@@ -2225,7 +2227,7 @@ EOF
     changeset = create(:changeset, :closed)
 
     assert_difference "changeset.subscribers.count", 1 do
-      post :subscribe, :id => changeset.id
+      post :subscribe, :params => { :id => changeset.id }
     end
     assert_response :success
   end
@@ -2238,7 +2240,7 @@ EOF
     # unauthorized
     changeset = create(:changeset, :closed)
     assert_no_difference "changeset.subscribers.count" do
-      post :subscribe, :id => changeset.id
+      post :subscribe, :params => { :id => changeset.id }
     end
     assert_response :unauthorized
 
@@ -2246,14 +2248,14 @@ EOF
 
     # bad changeset id
     assert_no_difference "changeset.subscribers.count" do
-      post :subscribe, :id => 999111
+      post :subscribe, :params => { :id => 999111 }
     end
     assert_response :not_found
 
     # not closed changeset
     changeset = create(:changeset)
     assert_no_difference "changeset.subscribers.count" do
-      post :subscribe, :id => changeset.id
+      post :subscribe, :params => { :id => changeset.id }
     end
     assert_response :conflict
 
@@ -2261,7 +2263,7 @@ EOF
     changeset = create(:changeset, :closed)
     changeset.subscribers.push(user)
     assert_no_difference "changeset.subscribers.count" do
-      post :subscribe, :id => changeset.id
+      post :subscribe, :params => { :id => changeset.id }
     end
     assert_response :conflict
   end
@@ -2275,7 +2277,7 @@ EOF
     changeset.subscribers.push(user)
 
     assert_difference "changeset.subscribers.count", -1 do
-      post :unsubscribe, :id => changeset.id
+      post :unsubscribe, :params => { :id => changeset.id }
     end
     assert_response :success
   end
@@ -2286,7 +2288,7 @@ EOF
     # unauthorized
     changeset = create(:changeset, :closed)
     assert_no_difference "changeset.subscribers.count" do
-      post :unsubscribe, :id => changeset.id
+      post :unsubscribe, :params => { :id => changeset.id }
     end
     assert_response :unauthorized
 
@@ -2294,21 +2296,21 @@ EOF
 
     # bad changeset id
     assert_no_difference "changeset.subscribers.count" do
-      post :unsubscribe, :id => 999111
+      post :unsubscribe, :params => { :id => 999111 }
     end
     assert_response :not_found
 
     # not closed changeset
     changeset = create(:changeset)
     assert_no_difference "changeset.subscribers.count" do
-      post :unsubscribe, :id => changeset.id
+      post :unsubscribe, :params => { :id => changeset.id }
     end
     assert_response :conflict
 
     # trying to unsubscribe when not subscribed
     changeset = create(:changeset, :closed)
     assert_no_difference "changeset.subscribers.count" do
-      post :unsubscribe, :id => changeset.id
+      post :unsubscribe, :params => { :id => changeset.id }
     end
     assert_response :not_found
   end
@@ -2320,21 +2322,21 @@ EOF
     comment = create(:changeset_comment)
     assert_equal true, comment.visible
 
-    post :hide_comment, :id => comment.id
+    post :hide_comment, :params => { :id => comment.id }
     assert_response :unauthorized
     assert_equal true, comment.reload.visible
 
     basic_authorization(create(:user).email, "test")
 
     # not a moderator
-    post :hide_comment, :id => comment.id
+    post :hide_comment, :params => { :id => comment.id }
     assert_response :forbidden
     assert_equal true, comment.reload.visible
 
     basic_authorization(create(:moderator_user).email, "test")
 
     # bad comment id
-    post :hide_comment, :id => 999111
+    post :hide_comment, :params => { :id => 999111 }
     assert_response :not_found
     assert_equal true, comment.reload.visible
   end
@@ -2347,7 +2349,7 @@ EOF
 
     basic_authorization(create(:moderator_user).email, "test")
 
-    post :hide_comment, :id => comment.id
+    post :hide_comment, :params => { :id => comment.id }
     assert_response :success
     assert_equal false, comment.reload.visible
   end
@@ -2359,21 +2361,21 @@ EOF
     comment = create(:changeset_comment, :visible => false)
     assert_equal false, comment.visible
 
-    post :unhide_comment, :id => comment.id
+    post :unhide_comment, :params => { :id => comment.id }
     assert_response :unauthorized
     assert_equal false, comment.reload.visible
 
     basic_authorization(create(:user).email, "test")
 
     # not a moderator
-    post :unhide_comment, :id => comment.id
+    post :unhide_comment, :params => { :id => comment.id }
     assert_response :forbidden
     assert_equal false, comment.reload.visible
 
     basic_authorization(create(:moderator_user).email, "test")
 
     # bad comment id
-    post :unhide_comment, :id => 999111
+    post :unhide_comment, :params => { :id => 999111 }
     assert_response :not_found
     assert_equal false, comment.reload.visible
   end
@@ -2386,7 +2388,7 @@ EOF
 
     basic_authorization(create(:moderator_user).email, "test")
 
-    post :unhide_comment, :id => comment.id
+    post :unhide_comment, :params => { :id => comment.id }
     assert_response :success
     assert_equal true, comment.reload.visible
   end
@@ -2397,7 +2399,7 @@ EOF
     changeset = create(:changeset, :closed)
     create_list(:changeset_comment, 3, :changeset => changeset)
 
-    get :comments_feed, :format => "rss"
+    get :comments_feed, :params => { :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -2406,7 +2408,7 @@ EOF
       end
     end
 
-    get :comments_feed, :format => "rss", :limit => 2
+    get :comments_feed, :params => { :format => "rss", :limit => 2 }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -2415,7 +2417,7 @@ EOF
       end
     end
 
-    get :comments_feed, :id => changeset.id, :format => "rss"
+    get :comments_feed, :params => { :id => changeset.id, :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -2428,10 +2430,10 @@ EOF
   ##
   # test comments feed
   def test_comments_feed_bad_limit
-    get :comments_feed, :format => "rss", :limit => 0
+    get :comments_feed, :params => { :format => "rss", :limit => 0 }
     assert_response :bad_request
 
-    get :comments_feed, :format => "rss", :limit => 100001
+    get :comments_feed, :params => { :format => "rss", :limit => 100001 }
     assert_response :bad_request
   end
 
@@ -2451,7 +2453,7 @@ EOF
   # call the include method and assert properties of the bbox
   def check_after_include(changeset_id, lon, lat, bbox)
     content "<osm><node lon='#{lon}' lat='#{lat}'/></osm>"
-    post :expand_bbox, :id => changeset_id
+    post :expand_bbox, :params => { :id => changeset_id }
     assert_response :success, "Setting include of changeset failed: #{@response.body}"
 
     # check exactly one changeset
diff --git a/test/controllers/diary_entry_controller_test.rb b/test/controllers/diary_entry_controller_test.rb
index 49d56c4e4..58fffb8d3 100644
--- a/test/controllers/diary_entry_controller_test.rb
+++ b/test/controllers/diary_entry_controller_test.rb
@@ -109,7 +109,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
   def test_new_form
     # Now try again when logged in
-    get :new, {}, { :user => create(:user) }
+    get :new, :session => { :user => create(:user) }
     assert_response :success
     assert_select "title", :text => /New Diary Entry/, :count => 1
     assert_select "div.content-heading", :count => 1 do
@@ -133,10 +133,11 @@ class DiaryEntryControllerTest < ActionController::TestCase
   def test_new_get_with_params
     # Now try creating a diary entry using get
     assert_difference "DiaryEntry.count", 0 do
-      get :new, { :commit => "save",
-                  :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
-                                    :longitude => "2.2", :language_code => "en" } },
-          { :user => create(:user).id }
+      get :new,
+          :params => { :commit => "save",
+                       :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
+                                         :longitude => "2.2", :language_code => "en" } },
+          :session => { :user => create(:user).id }
     end
     assert_response :success
     assert_template :edit
@@ -146,10 +147,11 @@ class DiaryEntryControllerTest < ActionController::TestCase
     # Now try creating a invalid diary entry with an empty body
     user = create(:user)
     assert_no_difference "DiaryEntry.count" do
-      post :new, { :commit => "save",
-                   :diary_entry => { :title => "New Title", :body => "", :latitude => "1.1",
-                                     :longitude => "2.2", :language_code => "en" } },
-           { :user => user.id }
+      post :new,
+           :params => { :commit => "save",
+                        :diary_entry => { :title => "New Title", :body => "", :latitude => "1.1",
+                                          :longitude => "2.2", :language_code => "en" } },
+           :session => { :user => user.id }
     end
     assert_response :success
     assert_template :edit
@@ -161,10 +163,11 @@ class DiaryEntryControllerTest < ActionController::TestCase
     # Now try creating a diary entry
     user = create(:user)
     assert_difference "DiaryEntry.count", 1 do
-      post :new, { :commit => "save",
-                   :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
-                                     :longitude => "2.2", :language_code => "en" } },
-           { :user => user.id }
+      post :new,
+           :params => { :commit => "save",
+                        :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
+                                          :longitude => "2.2", :language_code => "en" } },
+           :session => { :user => user.id }
     end
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => user.display_name
@@ -188,10 +191,11 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Now try creating a diary entry in a different language
     assert_difference "DiaryEntry.count", 1 do
-      post :new, { :commit => "save",
-                   :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
-                                     :longitude => "2.2", :language_code => "de" } },
-           { :user => user.id }
+      post :new,
+           :params => { :commit => "save",
+                        :diary_entry => { :title => "New Title", :body => "This is a new body for the diary entry", :latitude => "1.1",
+                                          :longitude => "2.2", :language_code => "de" } },
+           :session => { :user => user.id }
     end
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => user.display_name
@@ -217,9 +221,10 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Try creating a spammy diary entry
     assert_difference "DiaryEntry.count", 1 do
-      post :new, { :commit => "save",
-                   :diary_entry => { :title => spammy_title, :body => spammy_body, :language_code => "en" } },
-           { :user => user.id }
+      post :new,
+           :params => { :commit => "save",
+                        :diary_entry => { :title => spammy_title, :body => spammy_body, :language_code => "en" } },
+           :session => { :user => user.id }
     end
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => user.display_name
@@ -231,7 +236,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
     assert_equal "suspended", User.find(user.id).status
 
     # Follow the redirect
-    get :list, { :display_name => user.display_name }, { :user => user }
+    get :list,
+        :params => { :display_name => user.display_name },
+        :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :suspended
   end
@@ -244,12 +251,15 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Make sure that you are redirected to the login page when you are
     # not logged in, without and with the id of the entry you want to edit
-    get :edit, :display_name => entry.user.display_name, :id => entry.id
+    get :edit,
+        :params => { :display_name => entry.user.display_name, :id => entry.id }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => "/user/#{URI.encode(entry.user.display_name)}/diary/#{entry.id}/edit"
 
     # Verify that you get a not found error, when you pass a bogus id
-    get :edit, { :display_name => entry.user.display_name, :id => 9999 }, { :user => entry.user }
+    get :edit,
+        :params => { :display_name => entry.user.display_name, :id => 9999 },
+        :session => { :user => entry.user }
     assert_response :not_found
     assert_select "div.content-heading", :count => 1 do
       assert_select "h2", :text => "No entry with the id: 9999", :count => 1
@@ -257,13 +267,17 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Verify that you get redirected to view if you are not the user
     # that created the entry
-    get :edit, { :display_name => entry.user.display_name, :id => entry.id }, { :user => other_user }
+    get :edit,
+        :params => { :display_name => entry.user.display_name, :id => entry.id },
+        :session => { :user => other_user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => entry.user.display_name, :id => entry.id
 
     # Now pass the id, and check that you can edit it, when using the same
     # user as the person who created the entry
-    get :edit, { :display_name => entry.user.display_name, :id => entry.id }, { :user => entry.user }
+    get :edit,
+        :params => { :display_name => entry.user.display_name, :id => entry.id },
+        :session => { :user => entry.user }
     assert_response :success
     assert_select "title", :text => /Edit diary entry/, :count => 1
     assert_select "div.content-heading", :count => 1 do
@@ -289,15 +303,18 @@ class DiaryEntryControllerTest < ActionController::TestCase
     new_latitude = "1.1"
     new_longitude = "2.2"
     new_language_code = "en"
-    post :edit, { :display_name => entry.user.display_name, :id => entry.id, :commit => "save",
-                  :diary_entry => { :title => new_title, :body => new_body, :latitude => new_latitude,
-                                    :longitude => new_longitude, :language_code => new_language_code } },
-         { :user => entry.user.id }
+    post :edit,
+         :params => { :display_name => entry.user.display_name, :id => entry.id, :commit => "save",
+                      :diary_entry => { :title => new_title, :body => new_body, :latitude => new_latitude,
+                                        :longitude => new_longitude, :language_code => new_language_code } },
+         :session => { :user => entry.user.id }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => entry.user.display_name, :id => entry.id
 
     # Now check that the new data is rendered, when logged in
-    get :view, { :display_name => entry.user.display_name, :id => entry.id }, { :user => entry.user }
+    get :view,
+        :params => { :display_name => entry.user.display_name, :id => entry.id },
+        :session => { :user => entry.user }
     assert_response :success
     assert_template "diary_entry/view"
     assert_select "title", :text => /Users' diaries | /, :count => 1
@@ -316,7 +333,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
     end
 
     # and when not logged in as the user who wrote the entry
-    get :view, { :display_name => entry.user.display_name, :id => entry.id }, { :user => entry.user }
+    get :view,
+        :params => { :display_name => entry.user.display_name, :id => entry.id },
+        :session => { :user => entry.user }
     assert_response :success
     assert_template "diary_entry/view"
     assert_select "title", :text => /Users' diaries | /, :count => 1
@@ -339,7 +358,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
   def test_edit_i18n
     user = create(:user)
     diary_entry = create(:diary_entry, :language_code => "en", :user => user)
-    get :edit, { :display_name => user.display_name, :id => diary_entry.id }, { :user => user }
+    get :edit,
+        :params => { :display_name => user.display_name, :id => diary_entry.id },
+        :session => { :user => user }
     assert_response :success
     assert_select "span[class=translation_missing]", false, "Missing translation in edit diary entry"
   end
@@ -350,23 +371,30 @@ class DiaryEntryControllerTest < ActionController::TestCase
     entry = create(:diary_entry, :user => user)
 
     # Make sure that you are denied when you are not logged in
-    post :comment, :display_name => entry.user.display_name, :id => entry.id
+    post :comment,
+         :params => { :display_name => entry.user.display_name, :id => entry.id }
     assert_response :forbidden
 
     # Verify that you get a not found error, when you pass a bogus id
-    post :comment, { :display_name => entry.user.display_name, :id => 9999 }, { :user => other_user }
+    post :comment,
+         :params => { :display_name => entry.user.display_name, :id => 9999 },
+         :session => { :user => other_user }
     assert_response :not_found
     assert_select "div.content-heading", :count => 1 do
       assert_select "h2", :text => "No entry with the id: 9999", :count => 1
     end
 
-    post :subscribe, { :id => entry.id, :display_name => entry.user.display_name }, { :user => user }
+    post :subscribe,
+         :params => { :id => entry.id, :display_name => entry.user.display_name },
+         :session => { :user => user }
 
     # Now try an invalid comment with an empty body
     assert_no_difference "ActionMailer::Base.deliveries.size" do
       assert_no_difference "DiaryComment.count" do
         assert_no_difference "entry.subscribers.count" do
-          post :comment, { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => "" } }, { :user => other_user }
+          post :comment,
+               :params => { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => "" } },
+               :session => { :user => other_user }
         end
       end
     end
@@ -377,7 +405,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
     assert_difference "ActionMailer::Base.deliveries.size", entry.subscribers.count do
       assert_difference "DiaryComment.count", 1 do
         assert_difference "entry.subscribers.count", 1 do
-          post :comment, { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => "New comment" } }, { :user => other_user }
+          post :comment,
+               :params => { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => "New comment" } },
+               :session => { :user => other_user }
         end
       end
     end
@@ -395,7 +425,8 @@ class DiaryEntryControllerTest < ActionController::TestCase
     assert_equal "New comment", comment.body
 
     # Now view the diary entry, and check the new comment is present
-    get :view, :display_name => entry.user.display_name, :id => entry.id
+    get :view,
+        :params => { :display_name => entry.user.display_name, :id => entry.id }
     assert_response :success
     assert_select ".diary-comment", :count => 1 do
       assert_select "#comment#{comment.id}", :count => 1 do
@@ -411,7 +442,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Find the entry to comment on
     entry = create(:diary_entry, :user => user)
-    post :subscribe, { :id => entry.id, :display_name => entry.user.display_name }, { :user => user }
+    post :subscribe,
+         :params => { :id => entry.id, :display_name => entry.user.display_name },
+         :session => { :user => user }
 
     # Generate some spammy content
     spammy_text = 1.upto(50).map { |n| "http://example.com/spam#{n}" }.join(" ")
@@ -419,7 +452,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
     # Try creating a spammy comment
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
       assert_difference "DiaryComment.count", 1 do
-        post :comment, { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => spammy_text } }, { :user => other_user }
+        post :comment,
+             :params => { :display_name => entry.user.display_name, :id => entry.id, :diary_comment => { :body => spammy_text } },
+             :session => { :user => other_user }
       end
     end
     assert_response :redirect
@@ -437,12 +472,15 @@ class DiaryEntryControllerTest < ActionController::TestCase
     assert_equal "suspended", User.find(other_user.id).status
 
     # Follow the redirect
-    get :list, { :display_name => user.display_name }, { :user => other_user }
+    get :list,
+        :params => { :display_name => user.display_name },
+        :session => { :user => other_user }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :suspended
 
     # Now view the diary entry, and check the new comment is not present
-    get :view, :display_name => entry.user.display_name, :id => entry.id
+    get :view,
+        :params => { :display_name => entry.user.display_name, :id => entry.id }
     assert_response :success
     assert_select ".diary-comment", :count => 0
   end
@@ -466,11 +504,11 @@ class DiaryEntryControllerTest < ActionController::TestCase
     _other_entry = create(:diary_entry, :user => other_user)
 
     # Try a list of diary entries for a valid user
-    get :list, :display_name => user.display_name
+    get :list, :params => { :display_name => user.display_name }
     check_diary_list diary_entry, geo_entry
 
     # Try a list of diary entries for an invalid user
-    get :list, :display_name => "No Such User"
+    get :list, :params => { :display_name => "No Such User" }
     assert_response :not_found
     assert_template "user/no_such_user"
   end
@@ -483,14 +521,14 @@ class DiaryEntryControllerTest < ActionController::TestCase
     _other_entry = create(:diary_entry, :user => other_user)
 
     # Try a list of diary entries for your friends when not logged in
-    get :list, :friends => true
+    get :list, :params => { :friends => true }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/friends"
 
     # Try a list of diary entries for your friends when logged in
-    get :list, { :friends => true }, { :user => user }
+    get :list, :params => { :friends => true }, :session => { :user => user }
     check_diary_list diary_entry
-    get :list, { :friends => true }, { :user => other_user }
+    get :list, :params => { :friends => true }, :session => { :user => other_user }
     check_diary_list
   end
 
@@ -501,14 +539,14 @@ class DiaryEntryControllerTest < ActionController::TestCase
     diary_entry = create(:diary_entry, :user => user)
 
     # Try a list of diary entries for nearby users when not logged in
-    get :list, :nearby => true
+    get :list, :params => { :nearby => true }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => "/diary/nearby"
 
     # Try a list of diary entries for nearby users when logged in
-    get :list, { :nearby => true }, { :user => nearby_user }
+    get :list, :params => { :nearby => true }, :session => { :user => nearby_user }
     check_diary_list diary_entry
-    get :list, { :nearby => true }, { :user => user }
+    get :list, :params => { :nearby => true }, :session => { :user => user }
     check_diary_list
   end
 
@@ -520,15 +558,15 @@ class DiaryEntryControllerTest < ActionController::TestCase
     diary_entry_de = create(:diary_entry, :language_code => "de")
 
     # Try a list of diary entries in english
-    get :list, :language => "en"
+    get :list, :params => { :language => "en" }
     check_diary_list diary_entry_en, diary_entry_en2
 
     # Try a list of diary entries in german
-    get :list, :language => "de"
+    get :list, :params => { :language => "de" }
     check_diary_list diary_entry_de
 
     # Try a list of diary entries in slovenian
-    get :list, :language => "sl"
+    get :list, :params => { :language => "sl" }
     check_diary_list
   end
 
@@ -538,7 +576,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
     create(:diary_entry, :language_code => "en")
     create(:diary_entry, :language_code => "de")
 
-    get :rss, :format => :rss
+    get :rss, :params => { :format => :rss }
     assert_response :success, "Should be able to get a diary RSS"
     assert_select "rss", :count => 1 do
       assert_select "channel", :count => 1 do
@@ -555,13 +593,13 @@ class DiaryEntryControllerTest < ActionController::TestCase
     create(:diary_entry, :language_code => "en")
     create(:diary_entry, :language_code => "de")
 
-    get :rss, :language => "en", :format => :rss
+    get :rss, :params => { :language => "en", :format => :rss }
     assert_response :success, "Should be able to get a specific language diary RSS"
     assert_select "rss>channel>item", :count => 2 # , "Diary entries should be filtered by language"
   end
 
   #  def test_rss_nonexisting_language
-  #    get :rss, {:language => 'xx', :format => :rss}
+  #    get :rss, :params => { :language => 'xx', :format => :rss }
   #    assert_response :not_found, "Should not be able to get a nonexisting language diary RSS"
   #  end
 
@@ -569,7 +607,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
     create(:language, :code => "sl")
     create(:diary_entry, :language_code => "en")
 
-    get :rss, :language => "sl", :format => :rss
+    get :rss, :params => { :language => "sl", :format => :rss }
     assert_response :success, "Should be able to get a specific language diary RSS"
     assert_select "rss>channel>item", :count => 0 # , "Diary entries should be filtered by language"
   end
@@ -581,28 +619,28 @@ class DiaryEntryControllerTest < ActionController::TestCase
     create(:diary_entry, :user => user)
     create(:diary_entry, :user => other_user)
 
-    get :rss, :display_name => user.display_name, :format => :rss
+    get :rss, :params => { :display_name => user.display_name, :format => :rss }
     assert_response :success, "Should be able to get a specific users diary RSS"
     assert_select "rss>channel>item", :count => 2 # , "Diary entries should be filtered by user"
   end
 
   def test_rss_nonexisting_user
     # Try a user that has never existed
-    get :rss, :display_name => "fakeUsername76543", :format => :rss
+    get :rss, :params => { :display_name => "fakeUsername76543", :format => :rss }
     assert_response :not_found, "Should not be able to get a nonexisting users diary RSS"
 
     # Try a suspended user
-    get :rss, :display_name => create(:user, :suspended).display_name, :format => :rss
+    get :rss, :params => { :display_name => create(:user, :suspended).display_name, :format => :rss }
     assert_response :not_found, "Should not be able to get a suspended users diary RSS"
 
     # Try a deleted user
-    get :rss, :display_name => create(:user, :deleted).display_name, :format => :rss
+    get :rss, :params => { :display_name => create(:user, :deleted).display_name, :format => :rss }
     assert_response :not_found, "Should not be able to get a deleted users diary RSS"
   end
 
   def test_rss_character_escaping
     create(:diary_entry, :title => "<script>")
-    get :rss, :format => :rss
+    get :rss, :params => { :format => :rss }
 
     assert_match "<title>&lt;script&gt;</title>", response.body
   end
@@ -614,23 +652,23 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Try a normal entry that should work
     diary_entry = create(:diary_entry, :user => user)
-    get :view, :display_name => user.display_name, :id => diary_entry.id
+    get :view, :params => { :display_name => user.display_name, :id => diary_entry.id }
     assert_response :success
     assert_template :view
 
     # Try a deleted entry
     diary_entry_deleted = create(:diary_entry, :user => user, :visible => false)
-    get :view, :display_name => user.display_name, :id => diary_entry_deleted.id
+    get :view, :params => { :display_name => user.display_name, :id => diary_entry_deleted.id }
     assert_response :not_found
 
     # Try an entry by a suspended user
     diary_entry_suspended = create(:diary_entry, :user => suspended_user)
-    get :view, :display_name => suspended_user.display_name, :id => diary_entry_suspended.id
+    get :view, :params => { :display_name => suspended_user.display_name, :id => diary_entry_suspended.id }
     assert_response :not_found
 
     # Try an entry by a deleted user
     diary_entry_deleted = create(:diary_entry, :user => deleted_user)
-    get :view, :display_name => deleted_user.display_name, :id => diary_entry_deleted.id
+    get :view, :params => { :display_name => deleted_user.display_name, :id => diary_entry_deleted.id }
     assert_response :not_found
   end
 
@@ -643,7 +681,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
     deleted_user_comment = create(:diary_comment, :diary_entry => diary_entry, :user => create(:user, :deleted))
     hidden_comment = create(:diary_comment, :diary_entry => diary_entry, :visible => false)
 
-    get :view, :display_name => user.display_name, :id => diary_entry.id
+    get :view, :params => { :display_name => user.display_name, :id => diary_entry.id }
     assert_response :success
     assert_template :view
     assert_select "div.comments" do
@@ -659,18 +697,23 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # Try without logging in
     diary_entry = create(:diary_entry, :user => user)
-    post :hide, :display_name => user.display_name, :id => diary_entry.id
+    post :hide,
+         :params => { :display_name => user.display_name, :id => diary_entry.id }
     assert_response :forbidden
     assert_equal true, DiaryEntry.find(diary_entry.id).visible
 
     # Now try as a normal user
-    post :hide, { :display_name => user.display_name, :id => diary_entry.id }, { :user => user }
+    post :hide,
+         :params => { :display_name => user.display_name, :id => diary_entry.id },
+         :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name, :id => diary_entry.id
     assert_equal true, DiaryEntry.find(diary_entry.id).visible
 
     # Finally try as an administrator
-    post :hide, { :display_name => user.display_name, :id => diary_entry.id }, { :user => create(:administrator_user) }
+    post :hide,
+         :params => { :display_name => user.display_name, :id => diary_entry.id },
+         :session => { :user => create(:administrator_user) }
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => user.display_name
     assert_equal false, DiaryEntry.find(diary_entry.id).visible
@@ -682,18 +725,23 @@ class DiaryEntryControllerTest < ActionController::TestCase
     diary_entry = create(:diary_entry, :user => user)
     diary_comment = create(:diary_comment, :diary_entry => diary_entry)
     # Try without logging in
-    post :hidecomment, :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id
+    post :hidecomment,
+         :params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }
     assert_response :forbidden
     assert_equal true, DiaryComment.find(diary_comment.id).visible
 
     # Now try as a normal user
-    post :hidecomment, { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }, { :user => user }
+    post :hidecomment,
+         :params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id },
+         :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name, :id => diary_entry.id
     assert_equal true, DiaryComment.find(diary_comment.id).visible
 
     # Finally try as an administrator
-    post :hidecomment, { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id }, { :user => administrator_user }
+    post :hidecomment,
+         :params => { :display_name => user.display_name, :id => diary_entry.id, :comment => diary_comment.id },
+         :session => { :user => administrator_user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name, :id => diary_entry.id
     assert_equal false, DiaryComment.find(diary_comment.id).visible
@@ -705,7 +753,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
     suspended_user = create(:user, :suspended)
     deleted_user = create(:user, :deleted)
     # Test a user with no comments
-    get :comments, :display_name => user.display_name
+    get :comments, :params => { :display_name => user.display_name }
     assert_response :success
     assert_template :comments
     assert_select "table.messages" do
@@ -715,7 +763,7 @@ class DiaryEntryControllerTest < ActionController::TestCase
     # Test a user with a comment
     create(:diary_comment, :user => other_user)
 
-    get :comments, :display_name => other_user.display_name
+    get :comments, :params => { :display_name => other_user.display_name }
     assert_response :success
     assert_template :comments
     assert_select "table.messages" do
@@ -723,11 +771,11 @@ class DiaryEntryControllerTest < ActionController::TestCase
     end
 
     # Test a suspended user
-    get :comments, :display_name => suspended_user.display_name
+    get :comments, :params => { :display_name => suspended_user.display_name }
     assert_response :not_found
 
     # Test a deleted user
-    get :comments, :display_name => deleted_user.display_name
+    get :comments, :params => { :display_name => deleted_user.display_name }
     assert_response :not_found
   end
 
@@ -737,7 +785,9 @@ class DiaryEntryControllerTest < ActionController::TestCase
     diary_entry = create(:diary_entry, :user => user)
 
     assert_difference "diary_entry.subscribers.count", 1 do
-      post :subscribe, { :id => diary_entry.id, :display_name => diary_entry.user.display_name }, { :user => other_user }
+      post :subscribe,
+           :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name },
+           :session => { :user => other_user }
     end
     assert_response :redirect
   end
@@ -750,18 +800,25 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # not signed in
     assert_no_difference "diary_entry.subscribers.count" do
-      post :subscribe, :id => diary_entry.id, :display_name => diary_entry.user.display_name
+      post :subscribe,
+           :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name }
     end
     assert_response :forbidden
 
     # bad diary id
-    post :subscribe, { :id => 999111, :display_name => "username" }, { :user => other_user }
+    post :subscribe,
+         :params => { :id => 999111, :display_name => "username" },
+         :session => { :user => other_user }
     assert_response :not_found
 
     # trying to subscribe when already subscribed
-    post :subscribe, { :id => diary_entry.id, :display_name => diary_entry.user.display_name }, { :user => other_user }
+    post :subscribe,
+         :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name },
+         :session => { :user => other_user }
     assert_no_difference "diary_entry.subscribers.count" do
-      post :subscribe, { :id => diary_entry.id, :display_name => diary_entry.user.display_name }, { :user => other_user }
+      post :subscribe,
+           :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name },
+           :session => { :user => other_user }
     end
   end
 
@@ -771,9 +828,13 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     diary_entry = create(:diary_entry, :user => user)
 
-    post :subscribe, { :id => diary_entry.id, :display_name => diary_entry.user.display_name }, { :user => other_user }
+    post :subscribe,
+         :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name },
+         :session => { :user => other_user }
     assert_difference "diary_entry.subscribers.count", -1 do
-      post :unsubscribe, { :id => diary_entry.id, :display_name => diary_entry.user.display_name }, { :user => other_user }
+      post :unsubscribe,
+           :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name },
+           :session => { :user => other_user }
     end
     assert_response :redirect
   end
@@ -786,17 +847,22 @@ class DiaryEntryControllerTest < ActionController::TestCase
 
     # not signed in
     assert_no_difference "diary_entry.subscribers.count" do
-      post :unsubscribe, :id => diary_entry.id, :display_name => diary_entry.user.display_name
+      post :unsubscribe,
+           :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name }
     end
     assert_response :forbidden
 
     # bad diary id
-    post :unsubscribe, { :id => 999111, :display_name => "username" }, { :user => other_user }
+    post :unsubscribe,
+         :params => { :id => 999111, :display_name => "username" },
+         :session => { :user => other_user }
     assert_response :not_found
 
     # trying to unsubscribe when not subscribed
     assert_no_difference "diary_entry.subscribers.count" do
-      post :unsubscribe, { :id => diary_entry.id, :display_name => diary_entry.user.display_name }, { :user => other_user }
+      post :unsubscribe,
+           :params => { :id => diary_entry.id, :display_name => diary_entry.user.display_name },
+           :session => { :user => other_user }
     end
   end
 
diff --git a/test/controllers/export_controller_test.rb b/test/controllers/export_controller_test.rb
index 9d1c69e4d..972e08cc3 100644
--- a/test/controllers/export_controller_test.rb
+++ b/test/controllers/export_controller_test.rb
@@ -17,7 +17,7 @@ class ExportControllerTest < ActionController::TestCase
   ###
   # test the finish action for raw OSM data
   def test_finish_osm
-    get :finish, :minlon => 0, :minlat => 50, :maxlon => 1, :maxlat => 51, :format => "osm"
+    get :finish, :params => { :minlon => 0, :minlat => 50, :maxlon => 1, :maxlat => 51, :format => "osm" }
     assert_response :redirect
     assert_redirected_to "controller" => "api", "action" => "map", "bbox" => "0.0,50.0,1.0,51.0"
   end
@@ -25,7 +25,7 @@ class ExportControllerTest < ActionController::TestCase
   ###
   # test the finish action for mapnik images
   def test_finish_mapnik
-    get :finish, :minlon => 0, :minlat => 50, :maxlon => 1, :maxlat => 51, :format => "mapnik", :mapnik_format => "test", :mapnik_scale => "12"
+    get :finish, :params => { :minlon => 0, :minlat => 50, :maxlon => 1, :maxlat => 51, :format => "mapnik", :mapnik_format => "test", :mapnik_scale => "12" }
     assert_response :redirect
     assert_redirected_to "http://render.openstreetmap.org/cgi-bin/export?bbox=0.0,50.0,1.0,51.0&scale=12&format=test"
   end
diff --git a/test/controllers/geocoder_controller_test.rb b/test/controllers/geocoder_controller_test.rb
index c64efa4e5..ecddf96aa 100644
--- a/test/controllers/geocoder_controller_test.rb
+++ b/test/controllers/geocoder_controller_test.rb
@@ -51,7 +51,7 @@ class GeocoderControllerTest < ActionController::TestCase
     get :search
     assert_response :bad_request
 
-    xhr :get, :search
+    get :search, :xhr => true
     assert_response :bad_request
   end
 
@@ -251,7 +251,7 @@ class GeocoderControllerTest < ActionController::TestCase
       "12345",
       "12345-6789"
     ].each do |code|
-      post :search, :query => code
+      post :search, :params => { :query => code }
       assert_response :success
       assert_equal %w[us_postcode osm_nominatim], assigns(:sources)
     end
@@ -288,19 +288,19 @@ class GeocoderControllerTest < ActionController::TestCase
   ##
   # Test the builtin latitude+longitude search
   def test_search_latlon
-    xhr :get, :search_latlon, :lat => 1.23, :lon => 4.56, :zoom => 16
+    get :search_latlon, :params => { :lat => 1.23, :lon => 4.56, :zoom => 16 }, :xhr => true
     results_check :name => "1.23, 4.56", :lat => 1.23, :lon => 4.56, :zoom => 16
 
-    xhr :get, :search_latlon, :lat => -91.23, :lon => 4.56, :zoom => 16
+    get :search_latlon, :params => { :lat => -91.23, :lon => 4.56, :zoom => 16 }, :xhr => true
     results_check_error "Latitude -91.23 out of range"
 
-    xhr :get, :search_latlon, :lat => 91.23, :lon => 4.56, :zoom => 16
+    get :search_latlon, :params => { :lat => 91.23, :lon => 4.56, :zoom => 16 }, :xhr => true
     results_check_error "Latitude 91.23 out of range"
 
-    xhr :get, :search_latlon, :lat => 1.23, :lon => -180.23, :zoom => 16
+    get :search_latlon, :params => { :lat => 1.23, :lon => -180.23, :zoom => 16 }, :xhr => true
     results_check_error "Longitude -180.23 out of range"
 
-    xhr :get, :search_latlon, :lat => 1.23, :lon => 180.23, :zoom => 16
+    get :search_latlon, :params => { :lat => 1.23, :lon => 180.23, :zoom => 16 }, :xhr => true
     results_check_error "Longitude 180.23 out of range"
   end
 
@@ -308,17 +308,17 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the US postcode search
   def test_search_us_postcode
     with_http_stubs "geocoder_us" do
-      xhr :get, :search_us_postcode,
-          :query => "90210", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_us_postcode, :xhr => true,
+                               :params => { :query => "90210", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check :prefix => "Beverly Hills, CA,", :name => "90210",
                     :lat => 34.088808, :lon => -118.40612
 
-      xhr :get, :search_us_postcode,
-          :query => "00000", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_us_postcode, :xhr => true,
+                               :params => { :query => "00000", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check
     end
   end
@@ -327,16 +327,16 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the UK postcode search
   def test_search_uk_postcode
     with_http_stubs "npemap" do
-      xhr :get, :search_uk_postcode,
-          :query => "CV4 7AL", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_uk_postcode, :xhr => true,
+                               :params => { :query => "CV4 7AL", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check :name => "CV4 7AL", :lat => 52.381748701968, :lon => -1.56176420939232
 
-      xhr :get, :search_uk_postcode,
-          :query => "XX9 9XX", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_uk_postcode, :xhr => true,
+                               :params => { :query => "XX9 9XX", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check
     end
   end
@@ -345,22 +345,22 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the Canadian postcode search
   def test_search_ca_postcode
     with_http_stubs "geocoder_ca" do
-      xhr :get, :search_ca_postcode,
-          :query => "A1B 2C3", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_ca_postcode, :xhr => true,
+                               :params => { :query => "A1B 2C3", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check :name => "A1B 2C3", :lat => "47.172520", :lon => "-55.440515"
 
-      xhr :get, :search_ca_postcode,
-          :query => "k1a 0b1", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_ca_postcode, :xhr => true,
+                               :params => { :query => "k1a 0b1", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check :name => "K1A 0B1", :lat => "45.375437", :lon => "-75.691041"
 
-      xhr :get, :search_ca_postcode,
-          :query => "Q0Q 0Q0", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_ca_postcode, :xhr => true,
+                               :params => { :query => "Q0Q 0Q0", :zoom => 10,
+                                            :minlon => -0.559, :minlat => 51.217,
+                                            :maxlon => 0.836, :maxlat => 51.766 }
       results_check
     end
   end
@@ -369,19 +369,19 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the nominatim forward search
   def test_search_osm_nominatim
     with_http_stubs "nominatim" do
-      xhr :get, :search_osm_nominatim,
-          :query => "Hoddesdon", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_osm_nominatim, :xhr => true,
+                                 :params => { :query => "Hoddesdon", :zoom => 10,
+                                              :minlon => -0.559, :minlat => 51.217,
+                                              :maxlon => 0.836, :maxlat => 51.766 }
       results_check "name" => "Hoddesdon, Hertfordshire, East of England, England, United Kingdom",
                     "min-lat" => 51.7216709, "max-lat" => 51.8016709,
                     "min-lon" => -0.0512898, "max-lon" => 0.0287102,
                     "type" => "node", "id" => 18007599
 
-      xhr :get, :search_osm_nominatim,
-          :query => "Broxbourne", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_osm_nominatim, :xhr => true,
+                                 :params => { :query => "Broxbourne", :zoom => 10,
+                                              :minlon => -0.559, :minlat => 51.217,
+                                              :maxlon => 0.836, :maxlat => 51.766 }
       results_check({ "prefix" => "Suburb",
                       "name" => "Broxbourne, Hertfordshire, East of England, England, United Kingdom",
                       "min-lat" => 51.7265723, "max-lat" => 51.7665723,
@@ -404,16 +404,16 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the geonames forward search
   def test_search_geonames
     with_http_stubs "geonames" do
-      xhr :get, :search_geonames,
-          :query => "Hoddesdon", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_geonames, :xhr => true,
+                            :params => { :query => "Hoddesdon", :zoom => 10,
+                                         :minlon => -0.559, :minlat => 51.217,
+                                         :maxlon => 0.836, :maxlat => 51.766 }
       results_check :name => "Hoddesdon", :lat => 51.76148, :lon => -0.01144
 
-      xhr :get, :search_geonames,
-          :query => "Broxbourne", :zoom => 10,
-          :minlon => -0.559, :minlat => 51.217,
-          :maxlon => 0.836, :maxlat => 51.766
+      get :search_geonames, :xhr => true,
+                            :params => { :query => "Broxbourne", :zoom => 10,
+                                         :minlon => -0.559, :minlat => 51.217,
+                                         :maxlon => 0.836, :maxlat => 51.766 }
       results_check({ :name => "Broxbourne", :lat => 51.74712, :lon => -0.01923 },
                     { :name => "Broxbourne District", :lat => 51.73026, :lon => -0.04821 },
                     { :name => "Cheshunt", :lat => 51.70791, :lon => -0.03739 },
@@ -438,12 +438,14 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the nominatim reverse search
   def test_search_osm_nominatim_reverse
     with_http_stubs "nominatim" do
-      xhr :get, :search_osm_nominatim_reverse, :lat => 51.7632, :lon => -0.0076, :zoom => 15
+      get :search_osm_nominatim_reverse, :xhr => true,
+                                         :params => { :lat => 51.7632, :lon => -0.0076, :zoom => 15 }
       results_check :name => "Broxbourne, Hertfordshire, East of England, England, United Kingdom",
                     :lat => 51.7465723, :lon => -0.0190782,
                     :type => "node", :id => 28825933, :zoom => 15
 
-      xhr :get, :search_osm_nominatim_reverse, :lat => 51.7632, :lon => -0.0076, :zoom => 17
+      get :search_osm_nominatim_reverse, :xhr => true,
+                                         :params => { :lat => 51.7632, :lon => -0.0076, :zoom => 17 }
       results_check :name => "Dinant Link Road, Broxbourne, Hertfordshire, East of England, England, EN11 8HX, United Kingdom",
                     :lat => 51.7634883, :lon => -0.0088373,
                     :type => "way", :id => 3489841, :zoom => 17
@@ -454,7 +456,8 @@ class GeocoderControllerTest < ActionController::TestCase
   # Test the geonames reverse search
   def test_search_geonames_reverse
     with_http_stubs "geonames" do
-      xhr :get, :search_geonames_reverse, :lat => 51.7632, :lon => -0.0076, :zoom => 15
+      get :search_geonames_reverse, :xhr => true,
+                                    :params => { :lat => 51.7632, :lon => -0.0076, :zoom => 15 }
       results_check :name => "England", :suffix => ", United Kingdom",
                     :lat => 51.7632, :lon => -0.0076
     end
@@ -463,7 +466,7 @@ class GeocoderControllerTest < ActionController::TestCase
   private
 
   def latlon_check(query, lat, lon)
-    get :search, :query => query
+    get :search, :params => { :query => query }
     assert_response :success
     assert_template :search
     assert_template :layout => "map"
@@ -472,7 +475,7 @@ class GeocoderControllerTest < ActionController::TestCase
     assert_in_delta lat, @controller.params[:lat]
     assert_in_delta lon, @controller.params[:lon]
 
-    xhr :get, :search, :query => query
+    get :search, :params => { :query => query }, :xhr => true
     assert_response :success
     assert_template :search
     assert_template :layout => "xhr"
@@ -483,13 +486,13 @@ class GeocoderControllerTest < ActionController::TestCase
   end
 
   def search_check(query, sources)
-    get :search, :query => query
+    get :search, :params => { :query => query }
     assert_response :success
     assert_template :search
     assert_template :layout => "map"
     assert_equal sources, assigns(:sources)
 
-    xhr :get, :search, :query => query
+    get :search, :params => { :query => query }, :xhr => true
     assert_response :success
     assert_template :search
     assert_template :layout => "xhr"
diff --git a/test/controllers/message_controller_test.rb b/test/controllers/message_controller_test.rb
index ae71046c1..8a7ae70de 100644
--- a/test/controllers/message_controller_test.rb
+++ b/test/controllers/message_controller_test.rb
@@ -47,7 +47,7 @@ class MessageControllerTest < ActionController::TestCase
   def test_new_no_login
     # Check that the new message page requires us to login
     user = create(:user)
-    get :new, :display_name => user.display_name
+    get :new, :params => { :display_name => user.display_name }
     assert_redirected_to login_path(:referer => new_message_path(:display_name => user.display_name))
   end
 
@@ -60,7 +60,7 @@ class MessageControllerTest < ActionController::TestCase
     session[:user] = user.id
 
     # Check that the new message page loads
-    get :new, :display_name => recipient_user.display_name
+    get :new, :params => { :display_name => recipient_user.display_name }
     assert_response :success
     assert_template "new"
     assert_select "title", "OpenStreetMap | Send message"
@@ -83,8 +83,8 @@ class MessageControllerTest < ActionController::TestCase
     assert_difference "ActionMailer::Base.deliveries.size", 0 do
       assert_difference "Message.count", 0 do
         get :new,
-            :display_name => recipient_user.display_name,
-            :message => { :title => "Test Message", :body => "Test message body" }
+            :params => { :display_name => recipient_user.display_name,
+                         :message => { :title => "Test Message", :body => "Test message body" } }
       end
     end
     assert_response :success
@@ -111,8 +111,8 @@ class MessageControllerTest < ActionController::TestCase
     assert_difference "ActionMailer::Base.deliveries.size", 0 do
       assert_difference "Message.count", 0 do
         post :new,
-             :display_name => recipient_user.display_name,
-             :message => { :title => "Test Message", :body => "" }
+             :params => { :display_name => recipient_user.display_name,
+                          :message => { :title => "Test Message", :body => "" } }
       end
     end
     assert_response :success
@@ -139,8 +139,8 @@ class MessageControllerTest < ActionController::TestCase
     assert_difference "ActionMailer::Base.deliveries.size", 0 do
       assert_difference "Message.count", 0 do
         post :new,
-             :display_name => recipient_user.display_name,
-             :message => { :title => "", :body => "Test message body" }
+             :params => { :display_name => recipient_user.display_name,
+                          :message => { :title => "", :body => "Test message body" } }
       end
     end
     assert_response :success
@@ -167,8 +167,8 @@ class MessageControllerTest < ActionController::TestCase
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
       assert_difference "Message.count", 1 do
         post :new,
-             :display_name => recipient_user.display_name,
-             :message => { :title => "Test Message", :body => "Test message body" }
+             :params => { :display_name => recipient_user.display_name,
+                          :message => { :title => "Test Message", :body => "Test message body" } }
       end
     end
     assert_redirected_to inbox_path(:display_name => user.display_name)
@@ -188,7 +188,7 @@ class MessageControllerTest < ActionController::TestCase
     assert_equal "markdown", m.body_format
 
     # Asking to send a message with a bogus user name should fail
-    get :new, :display_name => "non_existent_user"
+    get :new, :params => { :display_name => "non_existent_user" }
     assert_response :not_found
     assert_template "user/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
@@ -207,8 +207,8 @@ class MessageControllerTest < ActionController::TestCase
       assert_no_difference "Message.count" do
         with_message_limit(0) do
           post :new,
-               :display_name => recipient_user.display_name,
-               :message => { :title => "Test Message", :body => "Test message body" }
+               :params => { :display_name => recipient_user.display_name,
+                            :message => { :title => "Test Message", :body => "Test message body" } }
           assert_response :success
           assert_template "new"
           assert_select ".error", /wait a while/
@@ -226,14 +226,14 @@ class MessageControllerTest < ActionController::TestCase
     unread_message = create(:message, :unread, :sender => user, :recipient => recipient_user)
 
     # Check that the message reply page requires us to login
-    get :reply, :message_id => unread_message.id
+    get :reply, :params => { :message_id => unread_message.id }
     assert_redirected_to login_path(:referer => reply_message_path(:message_id => unread_message.id))
 
     # Login as the wrong user
     session[:user] = other_user.id
 
     # Check that we can't reply to somebody else's message
-    get :reply, :message_id => unread_message.id
+    get :reply, :params => { :message_id => unread_message.id }
     assert_redirected_to login_path(:referer => reply_message_path(:message_id => unread_message.id))
     assert_equal "You are logged in as `#{other_user.display_name}' but the message you have asked to reply to was not sent to that user. Please login as the correct user in order to reply.", flash[:notice]
 
@@ -241,7 +241,7 @@ class MessageControllerTest < ActionController::TestCase
     session[:user] = recipient_user.id
 
     # Check that the message reply page loads
-    get :reply, :message_id => unread_message.id
+    get :reply, :params => { :message_id => unread_message.id }
     assert_response :success
     assert_template "new"
     assert_select "title", "OpenStreetMap | Re: #{unread_message.title}"
@@ -258,7 +258,7 @@ class MessageControllerTest < ActionController::TestCase
     end
 
     # Asking to reply to a message with a bogus ID should fail
-    get :reply, :message_id => 99999
+    get :reply, :params => { :message_id => 99999 }
     assert_response :not_found
     assert_template "no_such_message"
   end
@@ -272,14 +272,14 @@ class MessageControllerTest < ActionController::TestCase
     unread_message = create(:message, :unread, :sender => user, :recipient => recipient_user)
 
     # Check that the read message page requires us to login
-    get :read, :message_id => unread_message.id
+    get :read, :params => { :message_id => unread_message.id }
     assert_redirected_to login_path(:referer => read_message_path(:message_id => unread_message.id))
 
     # Login as the wrong user
     session[:user] = other_user.id
 
     # Check that we can't read the message
-    get :read, :message_id => unread_message.id
+    get :read, :params => { :message_id => unread_message.id }
     assert_redirected_to login_path(:referer => read_message_path(:message_id => unread_message.id))
     assert_equal "You are logged in as `#{other_user.display_name}' but the message you have asked to read was not sent by or to that user. Please login as the correct user in order to read it.", flash[:notice]
 
@@ -287,7 +287,7 @@ class MessageControllerTest < ActionController::TestCase
     session[:user] = user.id
 
     # Check that the message sender can read the message
-    get :read, :message_id => unread_message.id
+    get :read, :params => { :message_id => unread_message.id }
     assert_response :success
     assert_template "read"
     assert_equal false, Message.find(unread_message.id).message_read
@@ -296,7 +296,7 @@ class MessageControllerTest < ActionController::TestCase
     session[:user] = recipient_user.id
 
     # Check that the message recipient can read the message
-    get :read, :message_id => unread_message.id
+    get :read, :params => { :message_id => unread_message.id }
     assert_response :success
     assert_template "read"
     assert_equal true, Message.find(unread_message.id).message_read
@@ -307,7 +307,7 @@ class MessageControllerTest < ActionController::TestCase
     end
 
     # Asking to read a message with a bogus ID should fail
-    get :read, :message_id => 99999
+    get :read, :params => { :message_id => 99999 }
     assert_response :not_found
     assert_template "no_such_message"
   end
@@ -319,14 +319,14 @@ class MessageControllerTest < ActionController::TestCase
     other_user = create(:user)
     read_message = create(:message, :read, :recipient => user)
     # Check that the inbox page requires us to login
-    get :inbox, :display_name => user.display_name
+    get :inbox, :params => { :display_name => user.display_name }
     assert_redirected_to login_path(:referer => inbox_path(:display_name => user.display_name))
 
     # Login
     session[:user] = user.id
 
     # Check that we can view our inbox when logged in
-    get :inbox, :display_name => user.display_name
+    get :inbox, :params => { :display_name => user.display_name }
     assert_response :success
     assert_template "inbox"
     assert_select "table.messages", :count => 1 do
@@ -335,7 +335,7 @@ class MessageControllerTest < ActionController::TestCase
     end
 
     # Check that we can't view somebody else's inbox when logged in
-    get :inbox, :display_name => other_user.display_name
+    get :inbox, :params => { :display_name => other_user.display_name }
     assert_redirected_to inbox_path(:display_name => user.display_name)
   end
 
@@ -347,14 +347,14 @@ class MessageControllerTest < ActionController::TestCase
     create(:message, :sender => user)
 
     # Check that the outbox page requires us to login
-    get :outbox, :display_name => user.display_name
+    get :outbox, :params => { :display_name => user.display_name }
     assert_redirected_to login_path(:referer => outbox_path(:display_name => user.display_name))
 
     # Login
     session[:user] = user.id
 
     # Check that we can view our outbox when logged in
-    get :outbox, :display_name => user.display_name
+    get :outbox, :params => { :display_name => user.display_name }
     assert_response :success
     assert_template "outbox"
     assert_select "table.messages", :count => 1 do
@@ -363,7 +363,7 @@ class MessageControllerTest < ActionController::TestCase
     end
 
     # Check that we can't view somebody else's outbox when logged in
-    get :outbox, :display_name => other_user.display_name
+    get :outbox, :params => { :display_name => other_user.display_name }
     assert_redirected_to outbox_path(:display_name => user.display_name)
   end
 
@@ -376,14 +376,14 @@ class MessageControllerTest < ActionController::TestCase
     unread_message = create(:message, :unread, :sender => user, :recipient => recipient_user)
 
     # Check that the marking a message requires us to login
-    post :mark, :message_id => unread_message.id
+    post :mark, :params => { :message_id => unread_message.id }
     assert_response :forbidden
 
     # Login as a user with no messages
     session[:user] = other_user.id
 
     # Check that marking a message we didn't send or receive fails
-    post :mark, :message_id => unread_message.id
+    post :mark, :params => { :message_id => unread_message.id }
     assert_response :not_found
     assert_template "no_such_message"
 
@@ -391,23 +391,23 @@ class MessageControllerTest < ActionController::TestCase
     session[:user] = recipient_user.id
 
     # Check that the marking a message read works
-    post :mark, :message_id => unread_message.id, :mark => "read"
+    post :mark, :params => { :message_id => unread_message.id, :mark => "read" }
     assert_redirected_to inbox_path(:display_name => recipient_user.display_name)
     assert_equal true, Message.find(unread_message.id).message_read
 
     # Check that the marking a message unread works
-    post :mark, :message_id => unread_message.id, :mark => "unread"
+    post :mark, :params => { :message_id => unread_message.id, :mark => "unread" }
     assert_redirected_to inbox_path(:display_name => recipient_user.display_name)
     assert_equal false, Message.find(unread_message.id).message_read
 
     # Check that the marking a message read via XHR works
-    xhr :post, :mark, :message_id => unread_message.id, :mark => "read"
+    post :mark, :xhr => true, :params => { :message_id => unread_message.id, :mark => "read" }
     assert_response :success
     assert_template "mark"
     assert_equal true, Message.find(unread_message.id).message_read
 
     # Check that the marking a message unread via XHR works
-    xhr :post, :mark, :message_id => unread_message.id, :mark => "unread"
+    post :mark, :xhr => true, :params => { :message_id => unread_message.id, :mark => "unread" }
     assert_response :success
     assert_template "mark"
     assert_equal false, Message.find(unread_message.id).message_read
@@ -418,7 +418,7 @@ class MessageControllerTest < ActionController::TestCase
     end
 
     # Asking to mark a message with a bogus ID should fail
-    post :mark, :message_id => 99999
+    post :mark, :params => { :message_id => 99999 }
     assert_response :not_found
     assert_template "no_such_message"
   end
@@ -433,14 +433,14 @@ class MessageControllerTest < ActionController::TestCase
     sent_message = create(:message, :unread, :recipient => second_user, :sender => user)
 
     # Check that the deleting a message requires us to login
-    post :delete, :message_id => read_message.id
+    post :delete, :params => { :message_id => read_message.id }
     assert_response :forbidden
 
     # Login as a user with no messages
     session[:user] = other_user.id
 
     # Check that deleting a message we didn't send or receive fails
-    post :delete, :message_id => read_message.id
+    post :delete, :params => { :message_id => read_message.id }
     assert_response :not_found
     assert_template "no_such_message"
 
@@ -448,7 +448,7 @@ class MessageControllerTest < ActionController::TestCase
     session[:user] = user.id
 
     # Check that the deleting a received message works
-    post :delete, :message_id => read_message.id
+    post :delete, :params => { :message_id => read_message.id }
     assert_redirected_to inbox_path(:display_name => user.display_name)
     assert_equal "Message deleted", flash[:notice]
     m = Message.find(read_message.id)
@@ -456,7 +456,7 @@ class MessageControllerTest < ActionController::TestCase
     assert_equal false, m.to_user_visible
 
     # Check that the deleting a sent message works
-    post :delete, :message_id => sent_message.id, :referer => outbox_path(:display_name => user.display_name)
+    post :delete, :params => { :message_id => sent_message.id, :referer => outbox_path(:display_name => user.display_name) }
     assert_redirected_to outbox_path(:display_name => user.display_name)
     assert_equal "Message deleted", flash[:notice]
     m = Message.find(sent_message.id)
@@ -469,7 +469,7 @@ class MessageControllerTest < ActionController::TestCase
     end
 
     # Asking to delete a message with a bogus ID should fail
-    post :delete, :message_id => 99999
+    post :delete, :params => { :message_id => 99999 }
     assert_response :not_found
     assert_template "no_such_message"
   end
diff --git a/test/controllers/node_controller_test.rb b/test/controllers/node_controller_test.rb
index ce1e26fb0..7aeb5066b 100644
--- a/test/controllers/node_controller_test.rb
+++ b/test/controllers/node_controller_test.rb
@@ -134,15 +134,15 @@ class NodeControllerTest < ActionController::TestCase
 
   def test_read
     # check that a visible node is returned properly
-    get :read, :id => create(:node).id
+    get :read, :params => { :id => create(:node).id }
     assert_response :success
 
     # check that an deleted node is not returned
-    get :read, :id => create(:node, :deleted).id
+    get :read, :params => { :id => create(:node, :deleted).id }
     assert_response :gone
 
     # check chat a non-existent node is not returned
-    get :read, :id => 0
+    get :read, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -156,7 +156,7 @@ class NodeControllerTest < ActionController::TestCase
     private_deleted_node = create(:node, :deleted, :changeset => private_user_changeset)
 
     ## first try to delete node without auth
-    delete :delete, :id => private_node.id
+    delete :delete, :params => { :id => private_node.id }
     assert_response :unauthorized
 
     ## now set auth for the non-data public user
@@ -164,26 +164,26 @@ class NodeControllerTest < ActionController::TestCase
 
     # try to delete with an invalid (closed) changeset
     content update_changeset(private_node.to_xml, private_user_closed_changeset.id)
-    delete :delete, :id => private_node.id
+    delete :delete, :params => { :id => private_node.id }
     assert_require_public_data("non-public user shouldn't be able to delete node")
 
     # try to delete with an invalid (non-existent) changeset
     content update_changeset(private_node.to_xml, 0)
-    delete :delete, :id => private_node.id
+    delete :delete, :params => { :id => private_node.id }
     assert_require_public_data("shouldn't be able to delete node, when user's data is private")
 
     # valid delete now takes a payload
     content(private_node.to_xml)
-    delete :delete, :id => private_node.id
+    delete :delete, :params => { :id => private_node.id }
     assert_require_public_data("shouldn't be able to delete node when user's data isn't public'")
 
     # this won't work since the node is already deleted
     content(private_deleted_node.to_xml)
-    delete :delete, :id => private_deleted_node.id
+    delete :delete, :params => { :id => private_deleted_node.id }
     assert_require_public_data
 
     # this won't work since the node never existed
-    delete :delete, :id => 0
+    delete :delete, :params => { :id => 0 }
     assert_require_public_data
 
     ## these test whether nodes which are in-use can be deleted:
@@ -192,7 +192,7 @@ class NodeControllerTest < ActionController::TestCase
     create(:way_node, :node => private_used_node)
 
     content(private_used_node.to_xml)
-    delete :delete, :id => private_used_node.id
+    delete :delete, :params => { :id => private_used_node.id }
     assert_require_public_data "shouldn't be able to delete a node used in a way (#{@response.body})"
 
     # in a relation...
@@ -200,7 +200,7 @@ class NodeControllerTest < ActionController::TestCase
     create(:relation_member, :member => private_used_node2)
 
     content(private_used_node2.to_xml)
-    delete :delete, :id => private_used_node2.id
+    delete :delete, :params => { :id => private_used_node2.id }
     assert_require_public_data "shouldn't be able to delete a node used in a relation (#{@response.body})"
 
     ## now setup for the public data user
@@ -212,30 +212,30 @@ class NodeControllerTest < ActionController::TestCase
 
     # try to delete with an invalid (closed) changeset
     content update_changeset(node.to_xml, closed_changeset.id)
-    delete :delete, :id => node.id
+    delete :delete, :params => { :id => node.id }
     assert_response :conflict
 
     # try to delete with an invalid (non-existent) changeset
     content update_changeset(node.to_xml, 0)
-    delete :delete, :id => node.id
+    delete :delete, :params => { :id => node.id }
     assert_response :conflict
 
     # try to delete a node with a different ID
     other_node = create(:node)
     content(other_node.to_xml)
-    delete :delete, :id => node.id
+    delete :delete, :params => { :id => node.id }
     assert_response :bad_request,
                     "should not be able to delete a node with a different ID from the XML"
 
     # try to delete a node rubbish in the payloads
     content("<delete/>")
-    delete :delete, :id => node.id
+    delete :delete, :params => { :id => node.id }
     assert_response :bad_request,
                     "should not be able to delete a node without a valid XML payload"
 
     # valid delete now takes a payload
     content(node.to_xml)
-    delete :delete, :id => node.id
+    delete :delete, :params => { :id => node.id }
     assert_response :success
 
     # valid delete should return the new version number, which should
@@ -245,11 +245,11 @@ class NodeControllerTest < ActionController::TestCase
 
     # deleting the same node twice doesn't work
     content(node.to_xml)
-    delete :delete, :id => node.id
+    delete :delete, :params => { :id => node.id }
     assert_response :gone
 
     # this won't work since the node never existed
-    delete :delete, :id => 0
+    delete :delete, :params => { :id => 0 }
     assert_response :not_found
 
     ## these test whether nodes which are in-use can be deleted:
@@ -259,7 +259,7 @@ class NodeControllerTest < ActionController::TestCase
     way_node2 = create(:way_node, :node => used_node)
 
     content(used_node.to_xml)
-    delete :delete, :id => used_node.id
+    delete :delete, :params => { :id => used_node.id }
     assert_response :precondition_failed,
                     "shouldn't be able to delete a node used in a way (#{@response.body})"
     assert_equal "Precondition failed: Node #{used_node.id} is still used by ways #{way_node.way.id},#{way_node2.way.id}.", @response.body
@@ -270,7 +270,7 @@ class NodeControllerTest < ActionController::TestCase
     relation_member2 = create(:relation_member, :member => used_node2)
 
     content(used_node2.to_xml)
-    delete :delete, :id => used_node2.id
+    delete :delete, :params => { :id => used_node2.id }
     assert_response :precondition_failed,
                     "shouldn't be able to delete a node used in a relation (#{@response.body})"
     assert_equal "Precondition failed: Node #{used_node2.id} is still used by relations #{relation_member.relation.id},#{relation_member2.relation.id}.", @response.body
@@ -289,7 +289,7 @@ class NodeControllerTest < ActionController::TestCase
     node = create(:node, :changeset => create(:changeset, :user => user))
 
     content node.to_xml
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :unauthorized
 
     ## Second test with the private user
@@ -302,40 +302,40 @@ class NodeControllerTest < ActionController::TestCase
     # try and update in someone else's changeset
     content update_changeset(private_node.to_xml,
                              create(:changeset).id)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "update with other user's changeset should be forbidden when data isn't public"
 
     # try and update in a closed changeset
     content update_changeset(private_node.to_xml,
                              create(:changeset, :closed, :user => private_user).id)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "update with closed changeset should be forbidden, when data isn't public"
 
     # try and update in a non-existant changeset
     content update_changeset(private_node.to_xml, 0)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "update with changeset=0 should be forbidden, when data isn't public"
 
     ## try and submit invalid updates
     content xml_attr_rewrite(private_node.to_xml, "lat", 91.0)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "node at lat=91 should be forbidden, when data isn't public"
 
     content xml_attr_rewrite(private_node.to_xml, "lat", -91.0)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "node at lat=-91 should be forbidden, when data isn't public"
 
     content xml_attr_rewrite(private_node.to_xml, "lon", 181.0)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "node at lon=181 should be forbidden, when data isn't public"
 
     content xml_attr_rewrite(private_node.to_xml, "lon", -181.0)
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "node at lon=-181 should be forbidden, when data isn't public"
 
     ## finally, produce a good request which still won't work
     content private_node.to_xml
-    put :update, :id => private_node.id
+    put :update, :params => { :id => private_node.id }
     assert_require_public_data "should have failed with a forbidden when data isn't public"
 
     ## Finally test with the public user
@@ -343,7 +343,7 @@ class NodeControllerTest < ActionController::TestCase
     # try and update a node without authorisation
     # first try to update node without auth
     content node.to_xml
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :forbidden
 
     # setup auth
@@ -354,35 +354,35 @@ class NodeControllerTest < ActionController::TestCase
     # try and update in someone else's changeset
     content update_changeset(node.to_xml,
                              create(:changeset).id)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :conflict, "update with other user's changeset should be rejected"
 
     # try and update in a closed changeset
     content update_changeset(node.to_xml,
                              create(:changeset, :closed, :user => user).id)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :conflict, "update with closed changeset should be rejected"
 
     # try and update in a non-existant changeset
     content update_changeset(node.to_xml, 0)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :conflict, "update with changeset=0 should be rejected"
 
     ## try and submit invalid updates
     content xml_attr_rewrite(node.to_xml, "lat", 91.0)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :bad_request, "node at lat=91 should be rejected"
 
     content xml_attr_rewrite(node.to_xml, "lat", -91.0)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :bad_request, "node at lat=-91 should be rejected"
 
     content xml_attr_rewrite(node.to_xml, "lon", 181.0)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :bad_request, "node at lon=181 should be rejected"
 
     content xml_attr_rewrite(node.to_xml, "lon", -181.0)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :bad_request, "node at lon=-181 should be rejected"
 
     ## next, attack the versioning
@@ -391,37 +391,37 @@ class NodeControllerTest < ActionController::TestCase
     # try and submit a version behind
     content xml_attr_rewrite(node.to_xml,
                              "version", current_node_version - 1)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :conflict, "should have failed on old version number"
 
     # try and submit a version ahead
     content xml_attr_rewrite(node.to_xml,
                              "version", current_node_version + 1)
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :conflict, "should have failed on skipped version number"
 
     # try and submit total crap in the version field
     content xml_attr_rewrite(node.to_xml,
                              "version", "p1r4t3s!")
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :conflict,
                     "should not be able to put 'p1r4at3s!' in the version field"
 
     ## try an update with the wrong ID
     content create(:node).to_xml
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :bad_request,
                     "should not be able to update a node with a different ID from the XML"
 
     ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc.
     content "<update/>"
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :bad_request,
                     "should not be able to update a node with non-OSM XML doc."
 
     ## finally, produce a good request which should work
     content node.to_xml
-    put :update, :id => node.id
+    put :update, :params => { :id => node.id }
     assert_response :success, "a valid update request failed"
   end
 
@@ -439,11 +439,11 @@ class NodeControllerTest < ActionController::TestCase
     assert_response :bad_request
 
     # check error when no parameter value provided
-    get :nodes, :nodes => ""
+    get :nodes, :params => { :nodes => "" }
     assert_response :bad_request
 
     # test a working call
-    get :nodes, :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id}"
+    get :nodes, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id}" }
     assert_response :success
     assert_select "osm" do
       assert_select "node", :count => 5
@@ -455,7 +455,7 @@ class NodeControllerTest < ActionController::TestCase
     end
 
     # check error when a non-existent node is included
-    get :nodes, :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},400"
+    get :nodes, :params => { :nodes => "#{node1.id},#{node2.id},#{node3.id},#{node4.id},#{node5.id},400" }
     assert_response :not_found
   end
 
@@ -478,7 +478,7 @@ class NodeControllerTest < ActionController::TestCase
 
     # try and upload it
     content node_xml
-    put :update, :id => existing_tag.node.id
+    put :update, :params => { :id => existing_tag.node.id }
     assert_response :bad_request,
                     "adding duplicate tags to a node should fail with 'bad request'"
     assert_equal "Element node/#{existing_tag.node.id} has duplicate tags with key #{existing_tag.k}", @response.body
@@ -519,7 +519,7 @@ class NodeControllerTest < ActionController::TestCase
     assert_not_nil checknode, "node not found in data base after upload"
 
     # and grab it using the api
-    get :read, :id => nodeid
+    get :read, :params => { :id => nodeid }
     assert_response :success
     apinode = Node.from_xml(@response.body)
     assert_not_nil apinode, "downloaded node is nil, but shouldn't be"
diff --git a/test/controllers/notes_controller_test.rb b/test/controllers/notes_controller_test.rb
index 3ee283f4a..c6d89f1ca 100644
--- a/test/controllers/notes_controller_test.rb
+++ b/test/controllers/notes_controller_test.rb
@@ -128,7 +128,7 @@ class NotesControllerTest < ActionController::TestCase
   def test_create_success
     assert_difference "Note.count", 1 do
       assert_difference "NoteComment.count", 1 do
-        post :create, :lat => -1.0, :lon => -1.0, :text => "This is a comment", :format => "json"
+        post :create, :params => { :lat => -1.0, :lon => -1.0, :text => "This is a comment", :format => "json" }
       end
     end
     assert_response :success
@@ -144,7 +144,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_nil js["properties"]["comments"].last["user"]
     id = js["properties"]["id"]
 
-    get :show, :id => id, :format => "json"
+    get :show, :params => { :id => id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -162,63 +162,63 @@ class NotesControllerTest < ActionController::TestCase
   def test_create_fail
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lon => -1.0, :text => "This is a comment"
+        post :create, :params => { :lon => -1.0, :text => "This is a comment" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -1.0, :text => "This is a comment"
+        post :create, :params => { :lat => -1.0, :text => "This is a comment" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -1.0, :lon => -1.0
+        post :create, :params => { :lat => -1.0, :lon => -1.0 }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -1.0, :lon => -1.0, :text => ""
+        post :create, :params => { :lat => -1.0, :lon => -1.0, :text => "" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -100.0, :lon => -1.0, :text => "This is a comment"
+        post :create, :params => { :lat => -100.0, :lon => -1.0, :text => "This is a comment" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -1.0, :lon => -200.0, :text => "This is a comment"
+        post :create, :params => { :lat => -1.0, :lon => -200.0, :text => "This is a comment" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => "abc", :lon => -1.0, :text => "This is a comment"
+        post :create, :params => { :lat => "abc", :lon => -1.0, :text => "This is a comment" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -1.0, :lon => "abc", :text => "This is a comment"
+        post :create, :params => { :lat => -1.0, :lon => "abc", :text => "This is a comment" }
       end
     end
     assert_response :bad_request
 
     assert_no_difference "Note.count" do
       assert_no_difference "NoteComment.count" do
-        post :create, :lat => -1.0, :lon => -1.0, :text => "x\u0000y"
+        post :create, :params => { :lat => -1.0, :lon => -1.0, :text => "x\u0000y" }
       end
     end
     assert_response :bad_request
@@ -228,7 +228,7 @@ class NotesControllerTest < ActionController::TestCase
     open_note_with_comment = create(:note_with_comments)
     assert_difference "NoteComment.count", 1 do
       assert_no_difference "ActionMailer::Base.deliveries.size" do
-        post :comment, :id => open_note_with_comment.id, :text => "This is an additional comment", :format => "json"
+        post :comment, :params => { :id => open_note_with_comment.id, :text => "This is an additional comment", :format => "json" }
       end
     end
     assert_response :success
@@ -242,7 +242,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "This is an additional comment", js["properties"]["comments"].last["text"]
     assert_nil js["properties"]["comments"].last["user"]
 
-    get :show, :id => open_note_with_comment.id, :format => "json"
+    get :show, :params => { :id => open_note_with_comment.id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -265,7 +265,7 @@ class NotesControllerTest < ActionController::TestCase
     end
     assert_difference "NoteComment.count", 1 do
       assert_difference "ActionMailer::Base.deliveries.size", 2 do
-        post :comment, :id => note_with_comments_by_users.id, :text => "This is an additional comment", :format => "json"
+        post :comment, :params => { :id => note_with_comments_by_users.id, :text => "This is an additional comment", :format => "json" }
       end
     end
     assert_response :success
@@ -289,7 +289,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 1, email.to.length
     assert_equal "[OpenStreetMap] An anonymous user has commented on a note you are interested in", email.subject
 
-    get :show, :id => note_with_comments_by_users.id, :format => "json"
+    get :show, :params => { :id => note_with_comments_by_users.id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -307,7 +307,7 @@ class NotesControllerTest < ActionController::TestCase
 
     assert_difference "NoteComment.count", 1 do
       assert_difference "ActionMailer::Base.deliveries.size", 2 do
-        post :comment, :id => note_with_comments_by_users.id, :text => "This is an additional comment", :format => "json"
+        post :comment, :params => { :id => note_with_comments_by_users.id, :text => "This is an additional comment", :format => "json" }
       end
     end
     assert_response :success
@@ -332,7 +332,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 1, email.to.length
     assert_equal "[OpenStreetMap] #{third_user.display_name} has commented on a note you are interested in", email.subject
 
-    get :show, :id => note_with_comments_by_users.id, :format => "json"
+    get :show, :params => { :id => note_with_comments_by_users.id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -351,41 +351,41 @@ class NotesControllerTest < ActionController::TestCase
     open_note_with_comment = create(:note_with_comments)
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :text => "This is an additional comment"
+      post :comment, :params => { :text => "This is an additional comment" }
     end
     assert_response :bad_request
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :id => open_note_with_comment.id
+      post :comment, :params => { :id => open_note_with_comment.id }
     end
     assert_response :bad_request
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :id => open_note_with_comment.id, :text => ""
+      post :comment, :params => { :id => open_note_with_comment.id, :text => "" }
     end
     assert_response :bad_request
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :id => 12345, :text => "This is an additional comment"
+      post :comment, :params => { :id => 12345, :text => "This is an additional comment" }
     end
     assert_response :not_found
 
     hidden_note_with_comment = create(:note_with_comments, :status => "hidden")
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :id => hidden_note_with_comment.id, :text => "This is an additional comment"
+      post :comment, :params => { :id => hidden_note_with_comment.id, :text => "This is an additional comment" }
     end
     assert_response :gone
 
     closed_note_with_comment = create(:note_with_comments, :status => "closed", :closed_at => Time.now)
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :id => closed_note_with_comment.id, :text => "This is an additional comment"
+      post :comment, :params => { :id => closed_note_with_comment.id, :text => "This is an additional comment" }
     end
     assert_response :conflict
 
     assert_no_difference "NoteComment.count" do
-      post :comment, :id => open_note_with_comment.id, :text => "x\u0000y"
+      post :comment, :params => { :id => open_note_with_comment.id, :text => "x\u0000y" }
     end
     assert_response :bad_request
   end
@@ -394,12 +394,12 @@ class NotesControllerTest < ActionController::TestCase
     open_note_with_comment = create(:note_with_comments)
     user = create(:user)
 
-    post :close, :id => open_note_with_comment.id, :text => "This is a close comment", :format => "json"
+    post :close, :params => { :id => open_note_with_comment.id, :text => "This is a close comment", :format => "json" }
     assert_response :unauthorized
 
     basic_authorization(user.email, "test")
 
-    post :close, :id => open_note_with_comment.id, :text => "This is a close comment", :format => "json"
+    post :close, :params => { :id => open_note_with_comment.id, :text => "This is a close comment", :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -411,7 +411,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "This is a close comment", js["properties"]["comments"].last["text"]
     assert_equal user.display_name, js["properties"]["comments"].last["user"]
 
-    get :show, :id => open_note_with_comment.id, :format => "json"
+    get :show, :params => { :id => open_note_with_comment.id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -433,17 +433,17 @@ class NotesControllerTest < ActionController::TestCase
     post :close
     assert_response :bad_request
 
-    post :close, :id => 12345
+    post :close, :params => { :id => 12345 }
     assert_response :not_found
 
     hidden_note_with_comment = create(:note_with_comments, :status => "hidden")
 
-    post :close, :id => hidden_note_with_comment.id
+    post :close, :params => { :id => hidden_note_with_comment.id }
     assert_response :gone
 
     closed_note_with_comment = create(:note_with_comments, :status => "closed", :closed_at => Time.now)
 
-    post :close, :id => closed_note_with_comment.id
+    post :close, :params => { :id => closed_note_with_comment.id }
     assert_response :conflict
   end
 
@@ -451,12 +451,12 @@ class NotesControllerTest < ActionController::TestCase
     closed_note_with_comment = create(:note_with_comments, :status => "closed", :closed_at => Time.now)
     user = create(:user)
 
-    post :reopen, :id => closed_note_with_comment.id, :text => "This is a reopen comment", :format => "json"
+    post :reopen, :params => { :id => closed_note_with_comment.id, :text => "This is a reopen comment", :format => "json" }
     assert_response :unauthorized
 
     basic_authorization(user.email, "test")
 
-    post :reopen, :id => closed_note_with_comment.id, :text => "This is a reopen comment", :format => "json"
+    post :reopen, :params => { :id => closed_note_with_comment.id, :text => "This is a reopen comment", :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -468,7 +468,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "This is a reopen comment", js["properties"]["comments"].last["text"]
     assert_equal user.display_name, js["properties"]["comments"].last["user"]
 
-    get :show, :id => closed_note_with_comment.id, :format => "json"
+    get :show, :params => { :id => closed_note_with_comment.id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -484,27 +484,27 @@ class NotesControllerTest < ActionController::TestCase
   def test_reopen_fail
     hidden_note_with_comment = create(:note_with_comments, :status => "hidden")
 
-    post :reopen, :id => hidden_note_with_comment.id
+    post :reopen, :params => { :id => hidden_note_with_comment.id }
     assert_response :unauthorized
 
     basic_authorization(create(:user).email, "test")
 
-    post :reopen, :id => 12345
+    post :reopen, :params => { :id => 12345 }
     assert_response :not_found
 
-    post :reopen, :id => hidden_note_with_comment.id
+    post :reopen, :params => { :id => hidden_note_with_comment.id }
     assert_response :gone
 
     open_note_with_comment = create(:note_with_comments)
 
-    post :reopen, :id => open_note_with_comment.id
+    post :reopen, :params => { :id => open_note_with_comment.id }
     assert_response :conflict
   end
 
   def test_show_success
     open_note = create(:note_with_comments)
 
-    get :show, :id => open_note.id, :format => "xml"
+    get :show, :params => { :id => open_note.id, :format => "xml" }
     assert_response :success
     assert_equal "application/xml", @response.content_type
     assert_select "osm", :count => 1 do
@@ -521,7 +521,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :show, :id => open_note.id, :format => "rss"
+    get :show, :params => { :id => open_note.id, :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -537,7 +537,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :show, :id => open_note.id, :format => "json"
+    get :show, :params => { :id => open_note.id, :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -553,7 +553,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal open_note.created_at.to_s, js["properties"]["date_created"]
     assert_equal open_note.status, js["properties"]["status"]
 
-    get :show, :id => open_note.id, :format => "gpx"
+    get :show, :params => { :id => open_note.id, :format => "gpx" }
     assert_response :success
     assert_equal "application/gpx+xml", @response.content_type
     assert_select "gpx", :count => 1 do
@@ -579,7 +579,7 @@ class NotesControllerTest < ActionController::TestCase
       create(:note_comment, :note => note, :body => "Another valid comment for hidden note")
     end
 
-    get :show, :id => note_with_hidden_comment.id, :format => "json"
+    get :show, :params => { :id => note_with_hidden_comment.id, :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -591,10 +591,10 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_show_fail
-    get :show, :id => 12345
+    get :show, :params => { :id => 12345 }
     assert_response :not_found
 
-    get :show, :id => create(:note, :status => "hidden").id
+    get :show, :params => { :id => create(:note, :status => "hidden").id }
     assert_response :gone
   end
 
@@ -603,17 +603,17 @@ class NotesControllerTest < ActionController::TestCase
     user = create(:user)
     moderator_user = create(:moderator_user)
 
-    delete :destroy, :id => open_note_with_comment.id, :text => "This is a hide comment", :format => "json"
+    delete :destroy, :params => { :id => open_note_with_comment.id, :text => "This is a hide comment", :format => "json" }
     assert_response :unauthorized
 
     basic_authorization(user.email, "test")
 
-    delete :destroy, :id => open_note_with_comment.id, :text => "This is a hide comment", :format => "json"
+    delete :destroy, :params => { :id => open_note_with_comment.id, :text => "This is a hide comment", :format => "json" }
     assert_response :forbidden
 
     basic_authorization(moderator_user.email, "test")
 
-    delete :destroy, :id => open_note_with_comment.id, :text => "This is a hide comment", :format => "json"
+    delete :destroy, :params => { :id => open_note_with_comment.id, :text => "This is a hide comment", :format => "json" }
     assert_response :success
     js = ActiveSupport::JSON.decode(@response.body)
     assert_not_nil js
@@ -625,7 +625,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "This is a hide comment", js["properties"]["comments"].last["text"]
     assert_equal moderator_user.display_name, js["properties"]["comments"].last["user"]
 
-    get :show, :id => open_note_with_comment.id, :format => "json"
+    get :show, :params => { :id => open_note_with_comment.id, :format => "json" }
     assert_response :gone
   end
 
@@ -633,22 +633,22 @@ class NotesControllerTest < ActionController::TestCase
     user = create(:user)
     moderator_user = create(:moderator_user)
 
-    delete :destroy, :id => 12345, :format => "json"
+    delete :destroy, :params => { :id => 12345, :format => "json" }
     assert_response :unauthorized
 
     basic_authorization(user.email, "test")
 
-    delete :destroy, :id => 12345, :format => "json"
+    delete :destroy, :params => { :id => 12345, :format => "json" }
     assert_response :forbidden
 
     basic_authorization(moderator_user.email, "test")
 
-    delete :destroy, :id => 12345, :format => "json"
+    delete :destroy, :params => { :id => 12345, :format => "json" }
     assert_response :not_found
 
     hidden_note_with_comment = create(:note_with_comments, :status => "hidden")
 
-    delete :destroy, :id => hidden_note_with_comment.id, :format => "json"
+    delete :destroy, :params => { :id => hidden_note_with_comment.id, :format => "json" }
     assert_response :gone
   end
 
@@ -657,7 +657,7 @@ class NotesControllerTest < ActionController::TestCase
     create(:note_with_comments, :latitude => position, :longitude => position)
     create(:note_with_comments, :latitude => position, :longitude => position)
 
-    get :index, :bbox => "1,1,1.2,1.2", :format => "rss"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -666,7 +666,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :index, :bbox => "1,1,1.2,1.2", :format => "json"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -674,14 +674,14 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "FeatureCollection", js["type"]
     assert_equal 2, js["features"].count
 
-    get :index, :bbox => "1,1,1.2,1.2", :format => "xml"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :format => "xml" }
     assert_response :success
     assert_equal "application/xml", @response.content_type
     assert_select "osm", :count => 1 do
       assert_select "note", :count => 2
     end
 
-    get :index, :bbox => "1,1,1.2,1.2", :format => "gpx"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :format => "gpx" }
     assert_response :success
     assert_equal "application/gpx+xml", @response.content_type
     assert_select "gpx", :count => 1 do
@@ -694,7 +694,7 @@ class NotesControllerTest < ActionController::TestCase
     create(:note_with_comments, :latitude => position, :longitude => position)
     create(:note_with_comments, :latitude => position, :longitude => position)
 
-    get :index, :bbox => "1,1,1.2,1.2", :limit => 1, :format => "rss"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :limit => 1, :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -703,7 +703,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :index, :bbox => "1,1,1.2,1.2", :limit => 1, :format => "json"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :limit => 1, :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -711,14 +711,14 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "FeatureCollection", js["type"]
     assert_equal 1, js["features"].count
 
-    get :index, :bbox => "1,1,1.2,1.2", :limit => 1, :format => "xml"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :limit => 1, :format => "xml" }
     assert_response :success
     assert_equal "application/xml", @response.content_type
     assert_select "osm", :count => 1 do
       assert_select "note", :count => 1
     end
 
-    get :index, :bbox => "1,1,1.2,1.2", :limit => 1, :format => "gpx"
+    get :index, :params => { :bbox => "1,1,1.2,1.2", :limit => 1, :format => "gpx" }
     assert_response :success
     assert_equal "application/gpx+xml", @response.content_type
     assert_select "gpx", :count => 1 do
@@ -727,7 +727,7 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_index_empty_area
-    get :index, :bbox => "5,5,5.1,5.1", :format => "rss"
+    get :index, :params => { :bbox => "5,5,5.1,5.1", :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -736,7 +736,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :index, :bbox => "5,5,5.1,5.1", :format => "json"
+    get :index, :params => { :bbox => "5,5,5.1,5.1", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -744,14 +744,14 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "FeatureCollection", js["type"]
     assert_equal 0, js["features"].count
 
-    get :index, :bbox => "5,5,5.1,5.1", :format => "xml"
+    get :index, :params => { :bbox => "5,5,5.1,5.1", :format => "xml" }
     assert_response :success
     assert_equal "application/xml", @response.content_type
     assert_select "osm", :count => 1 do
       assert_select "note", :count => 0
     end
 
-    get :index, :bbox => "5,5,5.1,5.1", :format => "gpx"
+    get :index, :params => { :bbox => "5,5,5.1,5.1", :format => "gpx" }
     assert_response :success
     assert_equal "application/gpx+xml", @response.content_type
     assert_select "gpx", :count => 1 do
@@ -760,21 +760,21 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_index_large_area
-    get :index, :bbox => "-2.5,-2.5,2.5,2.5", :format => :json
+    get :index, :params => { :bbox => "-2.5,-2.5,2.5,2.5", :format => :json }
     assert_response :success
     assert_equal "application/json", @response.content_type
 
-    get :index, :l => "-2.5", :b => "-2.5", :r => "2.5", :t => "2.5", :format => :json
+    get :index, :params => { :l => "-2.5", :b => "-2.5", :r => "2.5", :t => "2.5", :format => :json }
     assert_response :success
     assert_equal "application/json", @response.content_type
 
-    get :index, :bbox => "-10,-10,12,12", :format => :json
+    get :index, :params => { :bbox => "-10,-10,12,12", :format => :json }
     assert_response :bad_request
-    assert_equal "text/plain", @response.content_type
+    assert_equal "application/json", @response.content_type
 
-    get :index, :l => "-10", :b => "-10", :r => "12", :t => "12", :format => :json
+    get :index, :params => { :l => "-10", :b => "-10", :r => "12", :t => "12", :format => :json }
     assert_response :bad_request
-    assert_equal "text/plain", @response.content_type
+    assert_equal "application/json", @response.content_type
   end
 
   def test_index_closed
@@ -784,7 +784,7 @@ class NotesControllerTest < ActionController::TestCase
     create(:note_with_comments)
 
     # Open notes + closed in last 7 days
-    get :index, :bbox => "1,1,1.7,1.7", :closed => "7", :format => "json"
+    get :index, :params => { :bbox => "1,1,1.7,1.7", :closed => "7", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -793,7 +793,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 2, js["features"].count
 
     # Only open notes
-    get :index, :bbox => "1,1,1.7,1.7", :closed => "0", :format => "json"
+    get :index, :params => { :bbox => "1,1,1.7,1.7", :closed => "0", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -802,7 +802,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal 1, js["features"].count
 
     # Open notes + all closed notes
-    get :index, :bbox => "1,1,1.7,1.7", :closed => "-1", :format => "json"
+    get :index, :params => { :bbox => "1,1,1.7,1.7", :closed => "-1", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -812,42 +812,42 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_index_bad_params
-    get :index, :bbox => "-2.5,-2.5,2.5"
+    get :index, :params => { :bbox => "-2.5,-2.5,2.5" }
     assert_response :bad_request
 
-    get :index, :bbox => "-2.5,-2.5,2.5,2.5,2.5"
+    get :index, :params => { :bbox => "-2.5,-2.5,2.5,2.5,2.5" }
     assert_response :bad_request
 
-    get :index, :b => "-2.5", :r => "2.5", :t => "2.5"
+    get :index, :params => { :b => "-2.5", :r => "2.5", :t => "2.5" }
     assert_response :bad_request
 
-    get :index, :l => "-2.5", :r => "2.5", :t => "2.5"
+    get :index, :params => { :l => "-2.5", :r => "2.5", :t => "2.5" }
     assert_response :bad_request
 
-    get :index, :l => "-2.5", :b => "-2.5", :t => "2.5"
+    get :index, :params => { :l => "-2.5", :b => "-2.5", :t => "2.5" }
     assert_response :bad_request
 
-    get :index, :l => "-2.5", :b => "-2.5", :r => "2.5"
+    get :index, :params => { :l => "-2.5", :b => "-2.5", :r => "2.5" }
     assert_response :bad_request
 
-    get :index, :bbox => "1,1,1.7,1.7", :limit => "0", :format => "json"
+    get :index, :params => { :bbox => "1,1,1.7,1.7", :limit => "0", :format => "json" }
     assert_response :bad_request
 
-    get :index, :bbox => "1,1,1.7,1.7", :limit => "10001", :format => "json"
+    get :index, :params => { :bbox => "1,1,1.7,1.7", :limit => "10001", :format => "json" }
     assert_response :bad_request
   end
 
   def test_search_success
     create(:note_with_comments)
 
-    get :search, :q => "note comment", :format => "xml"
+    get :search, :params => { :q => "note comment", :format => "xml" }
     assert_response :success
     assert_equal "application/xml", @response.content_type
     assert_select "osm", :count => 1 do
       assert_select "note", :count => 1
     end
 
-    get :search, :q => "note comment", :format => "json"
+    get :search, :params => { :q => "note comment", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -855,7 +855,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "FeatureCollection", js["type"]
     assert_equal 1, js["features"].count
 
-    get :search, :q => "note comment", :format => "rss"
+    get :search, :params => { :q => "note comment", :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -864,7 +864,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :search, :q => "note comment", :format => "gpx"
+    get :search, :params => { :q => "note comment", :format => "gpx" }
     assert_response :success
     assert_equal "application/gpx+xml", @response.content_type
     assert_select "gpx", :count => 1 do
@@ -875,14 +875,14 @@ class NotesControllerTest < ActionController::TestCase
   def test_search_no_match
     create(:note_with_comments)
 
-    get :search, :q => "no match", :format => "xml"
+    get :search, :params => { :q => "no match", :format => "xml" }
     assert_response :success
     assert_equal "application/xml", @response.content_type
     assert_select "osm", :count => 1 do
       assert_select "note", :count => 0
     end
 
-    get :search, :q => "no match", :format => "json"
+    get :search, :params => { :q => "no match", :format => "json" }
     assert_response :success
     assert_equal "application/json", @response.content_type
     js = ActiveSupport::JSON.decode(@response.body)
@@ -890,7 +890,7 @@ class NotesControllerTest < ActionController::TestCase
     assert_equal "FeatureCollection", js["type"]
     assert_equal 0, js["features"].count
 
-    get :search, :q => "no match", :format => "rss"
+    get :search, :params => { :q => "no match", :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -899,7 +899,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :search, :q => "no match", :format => "gpx"
+    get :search, :params => { :q => "no match", :format => "gpx" }
     assert_response :success
     assert_equal "application/gpx+xml", @response.content_type
     assert_select "gpx", :count => 1 do
@@ -911,10 +911,10 @@ class NotesControllerTest < ActionController::TestCase
     get :search
     assert_response :bad_request
 
-    get :search, :q => "no match", :limit => "0", :format => "json"
+    get :search, :params => { :q => "no match", :limit => "0", :format => "json" }
     assert_response :bad_request
 
-    get :search, :q => "no match", :limit => "10001", :format => "json"
+    get :search, :params => { :q => "no match", :limit => "10001", :format => "json" }
     assert_response :bad_request
   end
 
@@ -926,7 +926,7 @@ class NotesControllerTest < ActionController::TestCase
     create(:note_with_comments, :latitude => position, :longitude => position)
     create(:note_with_comments, :latitude => position, :longitude => position)
 
-    get :feed, :format => "rss"
+    get :feed, :params => { :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -935,7 +935,7 @@ class NotesControllerTest < ActionController::TestCase
       end
     end
 
-    get :feed, :bbox => "1,1,1.2,1.2", :format => "rss"
+    get :feed, :params => { :bbox => "1,1,1.2,1.2", :format => "rss" }
     assert_response :success
     assert_equal "application/rss+xml", @response.content_type
     assert_select "rss", :count => 1 do
@@ -946,16 +946,16 @@ class NotesControllerTest < ActionController::TestCase
   end
 
   def test_feed_fail
-    get :feed, :bbox => "1,1,1.2", :format => "rss"
+    get :feed, :params => { :bbox => "1,1,1.2", :format => "rss" }
     assert_response :bad_request
 
-    get :feed, :bbox => "1,1,1.2,1.2,1.2", :format => "rss"
+    get :feed, :params => { :bbox => "1,1,1.2,1.2,1.2", :format => "rss" }
     assert_response :bad_request
 
-    get :feed, :bbox => "1,1,1.2,1.2", :limit => "0", :format => "rss"
+    get :feed, :params => { :bbox => "1,1,1.2,1.2", :limit => "0", :format => "rss" }
     assert_response :bad_request
 
-    get :feed, :bbox => "1,1,1.2,1.2", :limit => "10001", :format => "rss"
+    get :feed, :params => { :bbox => "1,1,1.2,1.2", :limit => "10001", :format => "rss" }
     assert_response :bad_request
   end
 
@@ -975,28 +975,28 @@ class NotesControllerTest < ActionController::TestCase
     end
 
     # Note that the table rows include a header row
-    get :mine, :display_name => first_user.display_name
+    get :mine, :params => { :display_name => first_user.display_name }
     assert_response :success
     assert_select "table.note_list tr", :count => 2
 
-    get :mine, :display_name => second_user.display_name
+    get :mine, :params => { :display_name => second_user.display_name }
     assert_response :success
     assert_select "table.note_list tr", :count => 2
 
-    get :mine, :display_name => "non-existent"
+    get :mine, :params => { :display_name => "non-existent" }
     assert_response :not_found
 
     session[:user] = moderator_user.id
 
-    get :mine, :display_name => first_user.display_name
+    get :mine, :params => { :display_name => first_user.display_name }
     assert_response :success
     assert_select "table.note_list tr", :count => 2
 
-    get :mine, :display_name => second_user.display_name
+    get :mine, :params => { :display_name => second_user.display_name }
     assert_response :success
     assert_select "table.note_list tr", :count => 3
 
-    get :mine, :display_name => "non-existent"
+    get :mine, :params => { :display_name => "non-existent" }
     assert_response :not_found
   end
 end
diff --git a/test/controllers/oauth_clients_controller_test.rb b/test/controllers/oauth_clients_controller_test.rb
index 76f366e3d..81ab290b9 100644
--- a/test/controllers/oauth_clients_controller_test.rb
+++ b/test/controllers/oauth_clients_controller_test.rb
@@ -38,11 +38,14 @@ class OauthClientsControllerTest < ActionController::TestCase
     user = create(:user)
     create_list(:client_application, 2, :user => user)
 
-    get :index, :display_name => user.display_name
+    get :index,
+        :params => { :display_name => user.display_name }
     assert_response :redirect
     assert_redirected_to login_path(:referer => oauth_clients_path(:display_name => user.display_name))
 
-    get :index, { :display_name => user.display_name }, { :user => user }
+    get :index,
+        :params => { :display_name => user.display_name },
+        :session => { :user => user }
     assert_response :success
     assert_template "index"
     assert_select "div.client_application", 2
@@ -51,11 +54,14 @@ class OauthClientsControllerTest < ActionController::TestCase
   def test_new
     user = create(:user)
 
-    get :new, :display_name => user.display_name
+    get :new,
+        :params => { :display_name => user.display_name }
     assert_response :redirect
     assert_redirected_to login_path(:referer => new_oauth_client_path(:display_name => user.display_name))
 
-    get :new, { :display_name => user.display_name }, { :user => user }
+    get :new,
+        :params => { :display_name => user.display_name },
+        :session => { :user => user }
     assert_response :success
     assert_template "new"
     assert_select "form", 1 do
@@ -73,29 +79,25 @@ class OauthClientsControllerTest < ActionController::TestCase
     user = create(:user)
 
     assert_difference "ClientApplication.count", 0 do
-      post :create, :display_name => user.display_name
+      post :create, :params => { :display_name => user.display_name }
     end
     assert_response :forbidden
 
     assert_difference "ClientApplication.count", 0 do
-      post :create, {
-        :display_name => user.display_name,
-        :client_application => {
-          :name => "Test Application"
-        }
-      }, { :user => user }
+      post :create,
+           :params => { :display_name => user.display_name,
+                        :client_application => { :name => "Test Application" } },
+           :session => { :user => user }
     end
     assert_response :success
     assert_template "new"
 
     assert_difference "ClientApplication.count", 1 do
-      post :create, {
-        :display_name => user.display_name,
-        :client_application => {
-          :name => "Test Application",
-          :url => "http://test.example.com/"
-        }
-      }, { :user => user }
+      post :create,
+           :params => { :display_name => user.display_name,
+                        :client_application => { :name => "Test Application",
+                                                 :url => "http://test.example.com/" } },
+           :session => { :user => user }
     end
     assert_response :redirect
     assert_redirected_to oauth_client_path(:id => ClientApplication.find_by(:name => "Test Application").id)
@@ -106,15 +108,20 @@ class OauthClientsControllerTest < ActionController::TestCase
     client = create(:client_application, :user => user)
     other_client = create(:client_application)
 
-    get :show, :display_name => user.display_name, :id => client.id
+    get :show,
+        :params => { :display_name => user.display_name, :id => client.id }
     assert_response :redirect
     assert_redirected_to login_path(:referer => oauth_client_path(:display_name => user.display_name, :id => client.id))
 
-    get :show, { :display_name => user.display_name, :id => other_client.id }, { :user => user }
+    get :show,
+        :params => { :display_name => user.display_name, :id => other_client.id },
+        :session => { :user => user }
     assert_response :not_found
     assert_template "not_found"
 
-    get :show, { :display_name => user.display_name, :id => client.id }, { :user => user }
+    get :show,
+        :params => { :display_name => user.display_name, :id => client.id },
+        :session => { :user => user }
     assert_response :success
     assert_template "show"
   end
@@ -124,15 +131,20 @@ class OauthClientsControllerTest < ActionController::TestCase
     client = create(:client_application, :user => user)
     other_client = create(:client_application)
 
-    get :edit, :display_name => user.display_name, :id => client.id
+    get :edit,
+        :params => { :display_name => user.display_name, :id => client.id }
     assert_response :redirect
     assert_redirected_to login_path(:referer => edit_oauth_client_path(:display_name => user.display_name, :id => client.id))
 
-    get :edit, { :display_name => user.display_name, :id => other_client.id }, { :user => user }
+    get :edit,
+        :params => { :display_name => user.display_name, :id => other_client.id },
+        :session => { :user => user }
     assert_response :not_found
     assert_template "not_found"
 
-    get :edit, { :display_name => user.display_name, :id => client.id }, { :user => user }
+    get :edit,
+        :params => { :display_name => user.display_name, :id => client.id },
+        :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_select "form", 1 do
@@ -151,32 +163,29 @@ class OauthClientsControllerTest < ActionController::TestCase
     client = create(:client_application, :user => user)
     other_client = create(:client_application)
 
-    put :update, :display_name => user.display_name, :id => client.id
+    put :update,
+        :params => { :display_name => user.display_name, :id => client.id }
     assert_response :forbidden
 
-    put :update, { :display_name => user.display_name, :id => other_client.id }, { :user => user }
+    put :update,
+        :params => { :display_name => user.display_name, :id => other_client.id },
+        :session => { :user => user }
     assert_response :not_found
     assert_template "not_found"
 
-    put :update, {
-      :display_name => user.display_name,
-      :id => client.id,
-      :client_application => {
-        :name => "New Name",
-        :url => nil
-      }
-    }, { :user => user }
+    put :update,
+        :params => { :display_name => user.display_name,
+                     :id => client.id,
+                     :client_application => { :name => "New Name", :url => nil } },
+        :session => { :user => user }
     assert_response :success
     assert_template "edit"
 
-    put :update, {
-      :display_name => user.display_name,
-      :id => client.id,
-      :client_application => {
-        :name => "New Name",
-        :url => "http://new.example.com/url"
-      }
-    }, { :user => user }
+    put :update,
+        :params => { :display_name => user.display_name,
+                     :id => client.id,
+                     :client_application => { :name => "New Name", :url => "http://new.example.com/url" } },
+        :session => { :user => user }
     assert_response :redirect
     assert_redirected_to oauth_client_path(:id => client.id)
   end
@@ -187,18 +196,23 @@ class OauthClientsControllerTest < ActionController::TestCase
     other_client = create(:client_application)
 
     assert_difference "ClientApplication.count", 0 do
-      delete :destroy, :display_name => user.display_name, :id => client.id
+      delete :destroy,
+             :params => { :display_name => user.display_name, :id => client.id }
     end
     assert_response :forbidden
 
     assert_difference "ClientApplication.count", 0 do
-      delete :destroy, { :display_name => user.display_name, :id => other_client.id }, { :user => user }
+      delete :destroy,
+             :params => { :display_name => user.display_name, :id => other_client.id },
+             :session => { :user => user }
     end
     assert_response :not_found
     assert_template "not_found"
 
     assert_difference "ClientApplication.count", -1 do
-      delete :destroy, { :display_name => user.display_name, :id => client.id }, { :user => user }
+      delete :destroy,
+             :params => { :display_name => user.display_name, :id => client.id },
+             :session => { :user => user }
     end
     assert_response :redirect
     assert_redirected_to oauth_clients_path(:display_name => user.display_name)
diff --git a/test/controllers/old_node_controller_test.rb b/test/controllers/old_node_controller_test.rb
index e6276cc05..be4254279 100644
--- a/test/controllers/old_node_controller_test.rb
+++ b/test/controllers/old_node_controller_test.rb
@@ -61,7 +61,7 @@ class OldNodeControllerTest < ActionController::TestCase
       xml_node["lon"] = precision(rand * 360 - 180).to_s
       with_controller(NodeController.new) do
         content xml_doc
-        put :update, :id => nodeid
+        put :update, :params => { :id => nodeid }
         assert_response :forbidden, "Should have rejected node update"
         xml_node["version"] = @response.body.to_s
       end
@@ -77,7 +77,7 @@ class OldNodeControllerTest < ActionController::TestCase
       xml_node << xml_tag
       with_controller(NodeController.new) do
         content xml_doc
-        put :update, :id => nodeid
+        put :update, :params => { :id => nodeid }
         assert_response :forbidden,
                         "should have rejected node #{nodeid} (#{@response.body}) with forbidden"
         xml_node["version"] = @response.body.to_s
@@ -111,7 +111,7 @@ class OldNodeControllerTest < ActionController::TestCase
       xml_node["lon"] = precision(rand * 360 - 180).to_s
       with_controller(NodeController.new) do
         content xml_doc
-        put :update, :id => nodeid
+        put :update, :params => { :id => nodeid }
         assert_response :success
         xml_node["version"] = @response.body.to_s
       end
@@ -127,7 +127,7 @@ class OldNodeControllerTest < ActionController::TestCase
       xml_node << xml_tag
       with_controller(NodeController.new) do
         content xml_doc
-        put :update, :id => nodeid
+        put :update, :params => { :id => nodeid }
         assert_response :success,
                         "couldn't update node #{nodeid} (#{@response.body})"
         xml_node["version"] = @response.body.to_s
@@ -138,7 +138,7 @@ class OldNodeControllerTest < ActionController::TestCase
 
     # check all the versions
     versions.keys.each do |key|
-      get :version, :id => nodeid, :version => key.to_i
+      get :version, :params => { :id => nodeid, :version => key.to_i }
 
       assert_response :success,
                       "couldn't get version #{key.to_i} of node #{nodeid}"
@@ -158,7 +158,7 @@ class OldNodeControllerTest < ActionController::TestCase
   end
 
   def check_not_found_id_version(id, version)
-    get :version, :id => id, :version => version
+    get :version, :params => { :id => id, :version => version }
     assert_response :not_found
   rescue ActionController::UrlGenerationError => ex
     assert_match /No route matches/, ex.to_s
@@ -238,12 +238,12 @@ class OldNodeControllerTest < ActionController::TestCase
     node_v1 = node.old_nodes.find_by(:version => 1)
     node_v1.redact!(create(:redaction))
 
-    get :version, :id => node_v1.node_id, :version => node_v1.version
+    get :version, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
 
     # not even to a logged-in user
     basic_authorization(create(:user).email, "test")
-    get :version, :id => node_v1.node_id, :version => node_v1.version
+    get :version, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :forbidden, "Redacted node shouldn't be visible via the version API, even when logged in."
   end
 
@@ -254,13 +254,13 @@ class OldNodeControllerTest < ActionController::TestCase
     node_v1 = node.old_nodes.find_by(:version => 1)
     node_v1.redact!(create(:redaction))
 
-    get :history, :id => node_v1.node_id
+    get :history, :params => { :id => node_v1.node_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 0, "redacted node #{node_v1.node_id} version #{node_v1.version} shouldn't be present in the history."
 
     # not even to a logged-in user
     basic_authorization(create(:user).email, "test")
-    get :history, :id => node_v1.node_id
+    get :history, :params => { :id => node_v1.node_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 0, "redacted node #{node_v1.node_id} version #{node_v1.version} shouldn't be present in the history, even when logged in."
   end
@@ -278,16 +278,16 @@ class OldNodeControllerTest < ActionController::TestCase
 
     # check moderator can still see the redacted data, when passing
     # the appropriate flag
-    get :version, :id => node_v3.node_id, :version => node_v3.version
+    get :version, :params => { :id => node_v3.node_id, :version => node_v3.version }
     assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed."
-    get :version, :id => node_v3.node_id, :version => node_v3.version, :show_redactions => "true"
+    get :version, :params => { :id => node_v3.node_id, :version => node_v3.version, :show_redactions => "true" }
     assert_response :success, "After redaction, node should not be gone for moderator, when flag passed."
 
     # and when accessed via history
-    get :history, :id => node_v3.node_id
+    get :history, :params => { :id => node_v3.node_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v3.node_id}'][version='#{node_v3.version}']", 0, "node #{node_v3.node_id} version #{node_v3.version} should not be present in the history for moderators when not passing flag."
-    get :history, :id => node_v3.node_id, :show_redactions => "true"
+    get :history, :params => { :id => node_v3.node_id, :show_redactions => "true" }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v3.node_id}'][version='#{node_v3.version}']", 1, "node #{node_v3.node_id} version #{node_v3.version} should still be present in the history for moderators when passing flag."
   end
@@ -306,11 +306,11 @@ class OldNodeControllerTest < ActionController::TestCase
     basic_authorization(create(:user).email, "test")
 
     # check can't see the redacted data
-    get :version, :id => node_v3.node_id, :version => node_v3.version
+    get :version, :params => { :id => node_v3.node_id, :version => node_v3.version }
     assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
 
     # and when accessed via history
-    get :history, :id => node_v3.node_id
+    get :history, :params => { :id => node_v3.node_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v3.node_id}'][version='#{node_v3.version}']", 0, "redacted node #{node_v3.node_id} version #{node_v3.version} shouldn't be present in the history."
   end
@@ -323,7 +323,7 @@ class OldNodeControllerTest < ActionController::TestCase
     node_v1 = node.old_nodes.find_by(:version => 1)
     node_v1.redact!(create(:redaction))
 
-    post :redact, :id => node_v1.node_id, :version => node_v1.version
+    post :redact, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :unauthorized, "should need to be authenticated to unredact."
   end
 
@@ -338,7 +338,7 @@ class OldNodeControllerTest < ActionController::TestCase
 
     basic_authorization(user.email, "test")
 
-    post :redact, :id => node_v1.node_id, :version => node_v1.version
+    post :redact, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :forbidden, "should need to be moderator to unredact."
   end
 
@@ -353,27 +353,27 @@ class OldNodeControllerTest < ActionController::TestCase
 
     basic_authorization(moderator_user.email, "test")
 
-    post :redact, :id => node_v1.node_id, :version => node_v1.version
+    post :redact, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :success, "should be OK to unredact old version as moderator."
 
     # check moderator can now see the redacted data, when not
     # passing the aspecial flag
-    get :version, :id => node_v1.node_id, :version => node_v1.version
+    get :version, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :success, "After unredaction, node should not be gone for moderator."
 
     # and when accessed via history
-    get :history, :id => node_v1.node_id
+    get :history, :params => { :id => node_v1.node_id }
     assert_response :success, "Unredaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 1, "node #{node_v1.node_id} version #{node_v1.version} should now be present in the history for moderators without passing flag."
 
     basic_authorization(create(:user).email, "test")
 
     # check normal user can now see the redacted data
-    get :version, :id => node_v1.node_id, :version => node_v1.version
+    get :version, :params => { :id => node_v1.node_id, :version => node_v1.version }
     assert_response :success, "After unredaction, node should be visible to normal users."
 
     # and when accessed via history
-    get :history, :id => node_v1.node_id
+    get :history, :params => { :id => node_v1.node_id }
     assert_response :success, "Unredaction shouldn't have stopped history working."
     assert_select "osm node[id='#{node_v1.node_id}'][version='#{node_v1.version}']", 1, "node #{node_v1.node_id} version #{node_v1.version} should now be present in the history for normal users without passing flag."
   end
@@ -381,24 +381,24 @@ class OldNodeControllerTest < ActionController::TestCase
   private
 
   def do_redact_node(node, redaction)
-    get :version, :id => node.node_id, :version => node.version
+    get :version, :params => { :id => node.node_id, :version => node.version }
     assert_response :success, "should be able to get version #{node.version} of node #{node.node_id}."
 
     # now redact it
-    post :redact, :id => node.node_id, :version => node.version, :redaction => redaction.id
+    post :redact, :params => { :id => node.node_id, :version => node.version, :redaction => redaction.id }
   end
 
   def check_current_version(node_id)
     # get the current version of the node
     current_node = with_controller(NodeController.new) do
-      get :read, :id => node_id
+      get :read, :params => { :id => node_id }
       assert_response :success, "cant get current node #{node_id}"
       Node.from_xml(@response.body)
     end
     assert_not_nil current_node, "getting node #{node_id} returned nil"
 
     # get the "old" version of the node from the old_node interface
-    get :version, :id => node_id, :version => current_node.version
+    get :version, :params => { :id => node_id, :version => current_node.version }
     assert_response :success, "cant get old node #{node_id}, v#{current_node.version}"
     old_node = Node.from_xml(@response.body)
 
diff --git a/test/controllers/old_relation_controller_test.rb b/test/controllers/old_relation_controller_test.rb
index 36b35ec38..28fd78f3b 100644
--- a/test/controllers/old_relation_controller_test.rb
+++ b/test/controllers/old_relation_controller_test.rb
@@ -24,11 +24,11 @@ class OldRelationControllerTest < ActionController::TestCase
   # -------------------------------------
   def test_history
     # check that a visible relations is returned properly
-    get :history, :id => create(:relation, :with_history).id
+    get :history, :params => { :id => create(:relation, :with_history).id }
     assert_response :success
 
     # check chat a non-existent relations is not returned
-    get :history, :id => 0
+    get :history, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -77,12 +77,12 @@ class OldRelationControllerTest < ActionController::TestCase
     relation_v1 = relation.old_relations.find_by(:version => 1)
     relation_v1.redact!(create(:redaction))
 
-    get :version, :id => relation_v1.relation_id, :version => relation_v1.version
+    get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :forbidden, "Redacted relation shouldn't be visible via the version API."
 
     # not even to a logged-in user
     basic_authorization(create(:user).email, "test")
-    get :version, :id => relation_v1.relation_id, :version => relation_v1.version
+    get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :forbidden, "Redacted relation shouldn't be visible via the version API, even when logged in."
   end
 
@@ -93,14 +93,14 @@ class OldRelationControllerTest < ActionController::TestCase
     relation_v1 = relation.old_relations.find_by(:version => 1)
     relation_v1.redact!(create(:redaction))
 
-    get :history, :id => relation_v1.relation_id
+    get :history, :params => { :id => relation_v1.relation_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 0, "redacted relation #{relation_v1.relation_id} version #{relation_v1.version} shouldn't be present in the history."
 
     # not even to a logged-in user
     basic_authorization(create(:user).email, "test")
-    get :version, :id => relation_v1.relation_id, :version => relation_v1.version
-    get :history, :id => relation_v1.relation_id
+    get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
+    get :history, :params => { :id => relation_v1.relation_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 0, "redacted relation #{relation_v1.relation_id} version #{relation_v1.version} shouldn't be present in the history, even when logged in."
   end
@@ -119,16 +119,16 @@ class OldRelationControllerTest < ActionController::TestCase
 
     # check moderator can still see the redacted data, when passing
     # the appropriate flag
-    get :version, :id => relation_v3.relation_id, :version => relation_v3.version
+    get :version, :params => { :id => relation_v3.relation_id, :version => relation_v3.version }
     assert_response :forbidden, "After redaction, relation should be gone for moderator, when flag not passed."
-    get :version, :id => relation_v3.relation_id, :version => relation_v3.version, :show_redactions => "true"
+    get :version, :params => { :id => relation_v3.relation_id, :version => relation_v3.version, :show_redactions => "true" }
     assert_response :success, "After redaction, relation should not be gone for moderator, when flag passed."
 
     # and when accessed via history
-    get :history, :id => relation_v3.relation_id
+    get :history, :params => { :id => relation_v3.relation_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v3.relation_id}'][version='#{relation_v3.version}']", 0, "relation #{relation_v3.relation_id} version #{relation_v3.version} should not be present in the history for moderators when not passing flag."
-    get :history, :id => relation_v3.relation_id, :show_redactions => "true"
+    get :history, :params => { :id => relation_v3.relation_id, :show_redactions => "true" }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v3.relation_id}'][version='#{relation_v3.version}']", 1, "relation #{relation_v3.relation_id} version #{relation_v3.version} should still be present in the history for moderators when passing flag."
   end
@@ -148,11 +148,11 @@ class OldRelationControllerTest < ActionController::TestCase
     basic_authorization(create(:user).email, "test")
 
     # check can't see the redacted data
-    get :version, :id => relation_v3.relation_id, :version => relation_v3.version
+    get :version, :params => { :id => relation_v3.relation_id, :version => relation_v3.version }
     assert_response :forbidden, "Redacted relation shouldn't be visible via the version API."
 
     # and when accessed via history
-    get :history, :id => relation_v3.relation_id
+    get :history, :params => { :id => relation_v3.relation_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v3.relation_id}'][version='#{relation_v3.version}']", 0, "redacted relation #{relation_v3.relation_id} version #{relation_v3.version} shouldn't be present in the history."
   end
@@ -165,7 +165,7 @@ class OldRelationControllerTest < ActionController::TestCase
     relation_v1 = relation.old_relations.find_by(:version => 1)
     relation_v1.redact!(create(:redaction))
 
-    post :redact, :id => relation_v1.relation_id, :version => relation_v1.version
+    post :redact, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :unauthorized, "should need to be authenticated to unredact."
   end
 
@@ -179,7 +179,7 @@ class OldRelationControllerTest < ActionController::TestCase
 
     basic_authorization(create(:user).email, "test")
 
-    post :redact, :id => relation_v1.relation_id, :version => relation_v1.version
+    post :redact, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :forbidden, "should need to be moderator to unredact."
   end
 
@@ -193,27 +193,27 @@ class OldRelationControllerTest < ActionController::TestCase
 
     basic_authorization(create(:moderator_user).email, "test")
 
-    post :redact, :id => relation_v1.relation_id, :version => relation_v1.version
+    post :redact, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :success, "should be OK to unredact old version as moderator."
 
     # check moderator can still see the redacted data, without passing
     # the appropriate flag
-    get :version, :id => relation_v1.relation_id, :version => relation_v1.version
+    get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :success, "After unredaction, relation should not be gone for moderator."
 
     # and when accessed via history
-    get :history, :id => relation_v1.relation_id
+    get :history, :params => { :id => relation_v1.relation_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 1, "relation #{relation_v1.relation_id} version #{relation_v1.version} should still be present in the history for moderators."
 
     basic_authorization(create(:user).email, "test")
 
     # check normal user can now see the redacted data
-    get :version, :id => relation_v1.relation_id, :version => relation_v1.version
+    get :version, :params => { :id => relation_v1.relation_id, :version => relation_v1.version }
     assert_response :success, "After redaction, node should not be gone for normal user."
 
     # and when accessed via history
-    get :history, :id => relation_v1.relation_id
+    get :history, :params => { :id => relation_v1.relation_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm relation[id='#{relation_v1.relation_id}'][version='#{relation_v1.version}']", 1, "relation #{relation_v1.relation_id} version #{relation_v1.version} should still be present in the history for normal users."
   end
@@ -226,14 +226,14 @@ class OldRelationControllerTest < ActionController::TestCase
   def check_current_version(relation_id)
     # get the current version
     current_relation = with_controller(RelationController.new) do
-      get :read, :id => relation_id
+      get :read, :params => { :id => relation_id }
       assert_response :success, "can't get current relation #{relation_id}"
       Relation.from_xml(@response.body)
     end
     assert_not_nil current_relation, "getting relation #{relation_id} returned nil"
 
     # get the "old" version of the relation from the version method
-    get :version, :id => relation_id, :version => current_relation.version
+    get :version, :params => { :id => relation_id, :version => current_relation.version }
     assert_response :success, "can't get old relation #{relation_id}, v#{current_relation.version}"
     old_relation = Relation.from_xml(@response.body)
 
@@ -245,7 +245,7 @@ class OldRelationControllerTest < ActionController::TestCase
   # look at all the versions of the relation in the history and get each version from
   # the versions call. check that they're the same.
   def check_history_equals_versions(relation_id)
-    get :history, :id => relation_id
+    get :history, :params => { :id => relation_id }
     assert_response :success, "can't get relation #{relation_id} from API"
     history_doc = XML::Parser.string(@response.body).parse
     assert_not_nil history_doc, "parsing relation #{relation_id} history failed"
@@ -254,7 +254,7 @@ class OldRelationControllerTest < ActionController::TestCase
       history_relation = Relation.from_xml_node(relation_doc)
       assert_not_nil history_relation, "parsing relation #{relation_id} version failed"
 
-      get :version, :id => relation_id, :version => history_relation.version
+      get :version, :params => { :id => relation_id, :version => history_relation.version }
       assert_response :success, "couldn't get relation #{relation_id}, v#{history_relation.version}"
       version_relation = Relation.from_xml(@response.body)
       assert_not_nil version_relation, "failed to parse #{relation_id}, v#{history_relation.version}"
@@ -264,10 +264,10 @@ class OldRelationControllerTest < ActionController::TestCase
   end
 
   def do_redact_relation(relation, redaction)
-    get :version, :id => relation.relation_id, :version => relation.version
+    get :version, :params => { :id => relation.relation_id, :version => relation.version }
     assert_response :success, "should be able to get version #{relation.version} of relation #{relation.relation_id}."
 
     # now redact it
-    post :redact, :id => relation.relation_id, :version => relation.version, :redaction => redaction.id
+    post :redact, :params => { :id => relation.relation_id, :version => relation.version, :redaction => redaction.id }
   end
 end
diff --git a/test/controllers/old_way_controller_test.rb b/test/controllers/old_way_controller_test.rb
index dd971a677..176f7384d 100644
--- a/test/controllers/old_way_controller_test.rb
+++ b/test/controllers/old_way_controller_test.rb
@@ -25,19 +25,19 @@ class OldWayControllerTest < ActionController::TestCase
 
   def test_history_visible
     # check that a visible way is returned properly
-    get :history, :id => create(:way, :with_history).id
+    get :history, :params => { :id => create(:way, :with_history).id }
     assert_response :success
   end
 
   def test_history_invisible
     # check that an invisible way's history is returned properly
-    get :history, :id => create(:way, :with_history, :deleted).id
+    get :history, :params => { :id => create(:way, :with_history, :deleted).id }
     assert_response :success
   end
 
   def test_history_invalid
     # check chat a non-existent way is not returned
-    get :history, :id => 0
+    get :history, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -118,12 +118,12 @@ class OldWayControllerTest < ActionController::TestCase
     way_v1 = way.old_ways.find_by(:version => 1)
     way_v1.redact!(create(:redaction))
 
-    get :version, :id => way_v1.way_id, :version => way_v1.version
+    get :version, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :forbidden, "Redacted way shouldn't be visible via the version API."
 
     # not even to a logged-in user
     basic_authorization(create(:user).email, "test")
-    get :version, :id => way_v1.way_id, :version => way_v1.version
+    get :version, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :forbidden, "Redacted way shouldn't be visible via the version API, even when logged in."
   end
 
@@ -134,14 +134,14 @@ class OldWayControllerTest < ActionController::TestCase
     way_v1 = way.old_ways.find_by(:version => 1)
     way_v1.redact!(create(:redaction))
 
-    get :history, :id => way_v1.way_id
+    get :history, :params => { :id => way_v1.way_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 0, "redacted way #{way_v1.way_id} version #{way_v1.version} shouldn't be present in the history."
 
     # not even to a logged-in user
     basic_authorization(create(:user).email, "test")
-    get :version, :id => way_v1.way_id, :version => way_v1.version
-    get :history, :id => way_v1.way_id
+    get :version, :params => { :id => way_v1.way_id, :version => way_v1.version }
+    get :history, :params => { :id => way_v1.way_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 0, "redacted node #{way_v1.way_id} version #{way_v1.version} shouldn't be present in the history, even when logged in."
   end
@@ -159,16 +159,16 @@ class OldWayControllerTest < ActionController::TestCase
 
     # check moderator can still see the redacted data, when passing
     # the appropriate flag
-    get :version, :id => way_v3.way_id, :version => way_v3.version
+    get :version, :params => { :id => way_v3.way_id, :version => way_v3.version }
     assert_response :forbidden, "After redaction, node should be gone for moderator, when flag not passed."
-    get :version, :id => way_v3.way_id, :version => way_v3.version, :show_redactions => "true"
+    get :version, :params => { :id => way_v3.way_id, :version => way_v3.version, :show_redactions => "true" }
     assert_response :success, "After redaction, node should not be gone for moderator, when flag passed."
 
     # and when accessed via history
-    get :history, :id => way_v3.way_id
+    get :history, :params => { :id => way_v3.way_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v3.way_id}'][version='#{way_v3.version}']", 0, "way #{way_v3.way_id} version #{way_v3.version} should not be present in the history for moderators when not passing flag."
-    get :history, :id => way_v3.way_id, :show_redactions => "true"
+    get :history, :params => { :id => way_v3.way_id, :show_redactions => "true" }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v3.way_id}'][version='#{way_v3.version}']", 1, "way #{way_v3.way_id} version #{way_v3.version} should still be present in the history for moderators when passing flag."
   end
@@ -187,11 +187,11 @@ class OldWayControllerTest < ActionController::TestCase
     basic_authorization(create(:user).email, "test")
 
     # check can't see the redacted data
-    get :version, :id => way_v3.way_id, :version => way_v3.version
+    get :version, :params => { :id => way_v3.way_id, :version => way_v3.version }
     assert_response :forbidden, "Redacted node shouldn't be visible via the version API."
 
     # and when accessed via history
-    get :history, :id => way_v3.way_id
+    get :history, :params => { :id => way_v3.way_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v3.way_id}'][version='#{way_v3.version}']", 0, "redacted way #{way_v3.way_id} version #{way_v3.version} shouldn't be present in the history."
   end
@@ -204,7 +204,7 @@ class OldWayControllerTest < ActionController::TestCase
     way_v1 = way.old_ways.find_by(:version => 1)
     way_v1.redact!(create(:redaction))
 
-    post :redact, :id => way_v1.way_id, :version => way_v1.version
+    post :redact, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :unauthorized, "should need to be authenticated to unredact."
   end
 
@@ -218,7 +218,7 @@ class OldWayControllerTest < ActionController::TestCase
 
     basic_authorization(create(:user).email, "test")
 
-    post :redact, :id => way_v1.way_id, :version => way_v1.version
+    post :redact, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :forbidden, "should need to be moderator to unredact."
   end
 
@@ -233,27 +233,27 @@ class OldWayControllerTest < ActionController::TestCase
 
     basic_authorization(moderator_user.email, "test")
 
-    post :redact, :id => way_v1.way_id, :version => way_v1.version
+    post :redact, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :success, "should be OK to unredact old version as moderator."
 
     # check moderator can still see the unredacted data, without passing
     # the appropriate flag
-    get :version, :id => way_v1.way_id, :version => way_v1.version
+    get :version, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :success, "After unredaction, node should not be gone for moderator."
 
     # and when accessed via history
-    get :history, :id => way_v1.way_id
+    get :history, :params => { :id => way_v1.way_id }
     assert_response :success, "Unredaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 1, "way #{way_v1.way_id} version #{way_v1.version} should still be present in the history for moderators."
 
     basic_authorization(create(:user).email, "test")
 
     # check normal user can now see the unredacted data
-    get :version, :id => way_v1.way_id, :version => way_v1.version
+    get :version, :params => { :id => way_v1.way_id, :version => way_v1.version }
     assert_response :success, "After redaction, node should not be gone for moderator, when flag passed."
 
     # and when accessed via history
-    get :history, :id => way_v1.way_id
+    get :history, :params => { :id => way_v1.way_id }
     assert_response :success, "Redaction shouldn't have stopped history working."
     assert_select "osm way[id='#{way_v1.way_id}'][version='#{way_v1.version}']", 1, "way #{way_v1.way_id} version #{way_v1.version} should still be present in the history for normal users."
   end
@@ -266,14 +266,14 @@ class OldWayControllerTest < ActionController::TestCase
   def check_current_version(way_id)
     # get the current version
     current_way = with_controller(WayController.new) do
-      get :read, :id => way_id
+      get :read, :params => { :id => way_id }
       assert_response :success, "can't get current way #{way_id}"
       Way.from_xml(@response.body)
     end
     assert_not_nil current_way, "getting way #{way_id} returned nil"
 
     # get the "old" version of the way from the version method
-    get :version, :id => way_id, :version => current_way.version
+    get :version, :params => { :id => way_id, :version => current_way.version }
     assert_response :success, "can't get old way #{way_id}, v#{current_way.version}"
     old_way = Way.from_xml(@response.body)
 
@@ -285,7 +285,7 @@ class OldWayControllerTest < ActionController::TestCase
   # look at all the versions of the way in the history and get each version from
   # the versions call. check that they're the same.
   def check_history_equals_versions(way_id)
-    get :history, :id => way_id
+    get :history, :params => { :id => way_id }
     assert_response :success, "can't get way #{way_id} from API"
     history_doc = XML::Parser.string(@response.body).parse
     assert_not_nil history_doc, "parsing way #{way_id} history failed"
@@ -294,7 +294,7 @@ class OldWayControllerTest < ActionController::TestCase
       history_way = Way.from_xml_node(way_doc)
       assert_not_nil history_way, "parsing way #{way_id} version failed"
 
-      get :version, :id => way_id, :version => history_way.version
+      get :version, :params => { :id => way_id, :version => history_way.version }
       assert_response :success, "couldn't get way #{way_id}, v#{history_way.version}"
       version_way = Way.from_xml(@response.body)
       assert_not_nil version_way, "failed to parse #{way_id}, v#{history_way.version}"
@@ -304,11 +304,11 @@ class OldWayControllerTest < ActionController::TestCase
   end
 
   def do_redact_way(way, redaction)
-    get :version, :id => way.way_id, :version => way.version
+    get :version, :params => { :id => way.way_id, :version => way.version }
     assert_response :success, "should be able to get version #{way.version} of way #{way.way_id}."
 
     # now redact it
-    post :redact, :id => way.way_id, :version => way.version, :redaction => redaction.id
+    post :redact, :params => { :id => way.way_id, :version => way.version, :redaction => redaction.id }
   end
 
   def propagate_tags(way, old_way)
diff --git a/test/controllers/redactions_controller_test.rb b/test/controllers/redactions_controller_test.rb
index 750f7c9d1..73061ed57 100644
--- a/test/controllers/redactions_controller_test.rb
+++ b/test/controllers/redactions_controller_test.rb
@@ -71,7 +71,7 @@ class RedactionsControllerTest < ActionController::TestCase
   def test_create_moderator
     session[:user] = create(:moderator_user).id
 
-    post :create, :redaction => { :title => "Foo", :description => "Description here." }
+    post :create, :params => { :redaction => { :title => "Foo", :description => "Description here." } }
     assert_response :redirect
     assert_redirected_to(redaction_path(Redaction.find_by(:title => "Foo")))
   end
@@ -79,7 +79,7 @@ class RedactionsControllerTest < ActionController::TestCase
   def test_create_moderator_invalid
     session[:user] = create(:moderator_user).id
 
-    post :create, :redaction => { :title => "Foo", :description => "" }
+    post :create, :params => { :redaction => { :title => "Foo", :description => "" } }
     assert_response :success
     assert_template :new
   end
@@ -87,7 +87,7 @@ class RedactionsControllerTest < ActionController::TestCase
   def test_create_non_moderator
     session[:user] = create(:user).id
 
-    post :create, :redaction => { :title => "Foo", :description => "Description here." }
+    post :create, :params => { :redaction => { :title => "Foo", :description => "Description here." } }
     assert_response :forbidden
   end
 
@@ -97,7 +97,7 @@ class RedactionsControllerTest < ActionController::TestCase
     # create an empty redaction
     redaction = create(:redaction)
 
-    delete :destroy, :id => redaction.id
+    delete :destroy, :params => { :id => redaction.id }
     assert_response :redirect
     assert_redirected_to(redactions_path)
   end
@@ -109,7 +109,7 @@ class RedactionsControllerTest < ActionController::TestCase
     redaction = create(:redaction)
     create(:old_node, :redaction => redaction)
 
-    delete :destroy, :id => redaction.id
+    delete :destroy, :params => { :id => redaction.id }
     assert_response :redirect
     assert_redirected_to(redaction_path(redaction))
     assert_match /^Redaction is not empty/, flash[:error]
@@ -118,14 +118,14 @@ class RedactionsControllerTest < ActionController::TestCase
   def test_delete_non_moderator
     session[:user] = create(:user).id
 
-    delete :destroy, :id => create(:redaction).id
+    delete :destroy, :params => { :id => create(:redaction).id }
     assert_response :forbidden
   end
 
   def test_edit
     redaction = create(:redaction)
 
-    get :edit, :id => redaction.id
+    get :edit, :params => { :id => redaction.id }
     assert_response :redirect
     assert_redirected_to login_path(:referer => edit_redaction_path(redaction))
   end
@@ -133,14 +133,14 @@ class RedactionsControllerTest < ActionController::TestCase
   def test_edit_moderator
     session[:user] = create(:moderator_user).id
 
-    get :edit, :id => create(:redaction).id
+    get :edit, :params => { :id => create(:redaction).id }
     assert_response :success
   end
 
   def test_edit_non_moderator
     session[:user] = create(:user).id
 
-    get :edit, :id => create(:redaction).id
+    get :edit, :params => { :id => create(:redaction).id }
     assert_response :redirect
     assert_redirected_to(redactions_path)
   end
@@ -150,7 +150,7 @@ class RedactionsControllerTest < ActionController::TestCase
 
     redaction = create(:redaction)
 
-    put :update, :id => redaction.id, :redaction => { :title => "Foo", :description => "Description here." }
+    put :update, :params => { :id => redaction.id, :redaction => { :title => "Foo", :description => "Description here." } }
     assert_response :redirect
     assert_redirected_to(redaction_path(redaction))
   end
@@ -160,7 +160,7 @@ class RedactionsControllerTest < ActionController::TestCase
 
     redaction = create(:redaction)
 
-    put :update, :id => redaction.id, :redaction => { :title => "Foo", :description => "" }
+    put :update, :params => { :id => redaction.id, :redaction => { :title => "Foo", :description => "" } }
     assert_response :success
     assert_template :edit
   end
@@ -170,7 +170,7 @@ class RedactionsControllerTest < ActionController::TestCase
 
     redaction = create(:redaction)
 
-    put :update, :id => redaction.id, :redaction => { :title => "Foo", :description => "Description here." }
+    put :update, :params => { :id => redaction.id, :redaction => { :title => "Foo", :description => "Description here." } }
     assert_response :forbidden
   end
 end
diff --git a/test/controllers/relation_controller_test.rb b/test/controllers/relation_controller_test.rb
index afdab1bf2..487d99b80 100644
--- a/test/controllers/relation_controller_test.rb
+++ b/test/controllers/relation_controller_test.rb
@@ -50,15 +50,15 @@ class RelationControllerTest < ActionController::TestCase
 
   def test_read
     # check that a visible relation is returned properly
-    get :read, :id => create(:relation).id
+    get :read, :params => { :id => create(:relation).id }
     assert_response :success
 
     # check that an invisible relation is not returned
-    get :read, :id => create(:relation, :deleted).id
+    get :read, :params => { :id => create(:relation, :deleted).id }
     assert_response :gone
 
     # check chat a non-existent relation is not returned
-    get :read, :id => 0
+    get :read, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -129,7 +129,7 @@ class RelationControllerTest < ActionController::TestCase
 
   def check_relations_for_element(method, type, id, expected_relations)
     # check the "relations for relation" mode
-    get method, :id => id
+    get method, :params => { :id => id }
     assert_response :success
 
     # count one osm element
@@ -148,13 +148,13 @@ class RelationControllerTest < ActionController::TestCase
 
   def test_full
     # check the "full" mode
-    get :full, :id => 999999
+    get :full, :params => { :id => 999999 }
     assert_response :not_found
 
-    get :full, :id => create(:relation, :deleted).id
+    get :full, :params => { :id => create(:relation, :deleted).id }
     assert_response :gone
 
-    get :full, :id => create(:relation).id
+    get :full, :params => { :id => create(:relation).id }
     assert_response :success
     # FIXME: check whether this contains the stuff we want!
   end
@@ -173,11 +173,11 @@ class RelationControllerTest < ActionController::TestCase
     assert_response :bad_request
 
     # check error when no parameter value provided
-    get :relations, :relations => ""
+    get :relations, :params => { :relations => "" }
     assert_response :bad_request
 
     # test a working call
-    get :relations, :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}"
+    get :relations, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id}" }
     assert_response :success
     assert_select "osm" do
       assert_select "relation", :count => 4
@@ -188,7 +188,7 @@ class RelationControllerTest < ActionController::TestCase
     end
 
     # check error when a non-existent relation is included
-    get :relations, :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id},400"
+    get :relations, :params => { :relations => "#{relation1.id},#{relation2.id},#{relation3.id},#{relation4.id},400" }
     assert_response :not_found
   end
 
@@ -271,7 +271,7 @@ class RelationControllerTest < ActionController::TestCase
     assert_equal true, checkrelation.visible,
                  "saved relation is not visible"
     # ok the relation is there but can we also retrieve it?
-    get :read, :id => relationid
+    get :read, :params => { :id => relationid }
     assert_response :success
 
     ###
@@ -302,7 +302,7 @@ class RelationControllerTest < ActionController::TestCase
                  "saved relation is not visible"
     # ok the relation is there but can we also retrieve it?
 
-    get :read, :id => relationid
+    get :read, :params => { :id => relationid }
     assert_response :success
 
     ###
@@ -332,7 +332,7 @@ class RelationControllerTest < ActionController::TestCase
                  "saved relation is not visible"
     # ok the relation is there but can we also retrieve it?
 
-    get :read, :id => relationid
+    get :read, :params => { :id => relationid }
     assert_response :success
 
     ###
@@ -362,7 +362,7 @@ class RelationControllerTest < ActionController::TestCase
     assert_equal true, checkrelation.visible,
                  "saved relation is not visible"
     # ok the relation is there but can we also retrieve it?
-    get :read, :id => relationid
+    get :read, :params => { :id => relationid }
     assert_response :success
   end
 
@@ -445,7 +445,7 @@ class RelationControllerTest < ActionController::TestCase
     with_relation(relation.id) do |rel|
       update_changeset(rel, changeset.id)
       content rel
-      put :update, :id => other_relation.id
+      put :update, :params => { :id => other_relation.id }
       assert_response :bad_request
     end
   end
@@ -510,96 +510,96 @@ class RelationControllerTest < ActionController::TestCase
     create_list(:relation_tag, 4, :relation => multi_tag_relation)
 
     ## First try to delete relation without auth
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :unauthorized
 
     ## Then try with the private user, to make sure that you get a forbidden
     basic_authorization(private_user.email, "test")
 
     # this shouldn't work, as we should need the payload...
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :forbidden
 
     # try to delete without specifying a changeset
     content "<osm><relation id='#{relation.id}'/></osm>"
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :forbidden
 
     # try to delete with an invalid (closed) changeset
     content update_changeset(relation.to_xml,
                              private_user_closed_changeset.id)
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :forbidden
 
     # try to delete with an invalid (non-existent) changeset
     content update_changeset(relation.to_xml, 0)
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :forbidden
 
     # this won't work because the relation is in-use by another relation
     content(used_relation.to_xml)
-    delete :delete, :id => used_relation.id
+    delete :delete, :params => { :id => used_relation.id }
     assert_response :forbidden
 
     # this should work when we provide the appropriate payload...
     content(relation.to_xml)
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :forbidden
 
     # this won't work since the relation is already deleted
     content(deleted_relation.to_xml)
-    delete :delete, :id => deleted_relation.id
+    delete :delete, :params => { :id => deleted_relation.id }
     assert_response :forbidden
 
     # this won't work since the relation never existed
-    delete :delete, :id => 0
+    delete :delete, :params => { :id => 0 }
     assert_response :forbidden
 
     ## now set auth for the public user
     basic_authorization(user.email, "test")
 
     # this shouldn't work, as we should need the payload...
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :bad_request
 
     # try to delete without specifying a changeset
     content "<osm><relation id='#{relation.id}' version='#{relation.version}' /></osm>"
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :bad_request
     assert_match(/Changeset id is missing/, @response.body)
 
     # try to delete with an invalid (closed) changeset
     content update_changeset(relation.to_xml,
                              closed_changeset.id)
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :conflict
 
     # try to delete with an invalid (non-existent) changeset
     content update_changeset(relation.to_xml, 0)
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :conflict
 
     # this won't work because the relation is in a changeset owned by someone else
     content update_changeset(relation.to_xml, create(:changeset).id)
-    delete :delete, :id => relation.id
+    delete :delete, :params => { :id => relation.id }
     assert_response :conflict,
                     "shouldn't be able to delete a relation in a changeset owned by someone else (#{@response.body})"
 
     # this won't work because the relation in the payload is different to that passed
     content update_changeset(relation.to_xml, changeset.id)
-    delete :delete, :id => create(:relation).id
+    delete :delete, :params => { :id => create(:relation).id }
     assert_response :bad_request, "shouldn't be able to delete a relation when payload is different to the url"
 
     # this won't work because the relation is in-use by another relation
     content update_changeset(used_relation.to_xml, changeset.id)
-    delete :delete, :id => used_relation.id
+    delete :delete, :params => { :id => used_relation.id }
     assert_response :precondition_failed,
                     "shouldn't be able to delete a relation used in a relation (#{@response.body})"
     assert_equal "Precondition failed: The relation #{used_relation.id} is used in relation #{super_relation.id}.", @response.body
 
     # this should work when we provide the appropriate payload...
     content update_changeset(multi_tag_relation.to_xml, changeset.id)
-    delete :delete, :id => multi_tag_relation.id
+    delete :delete, :params => { :id => multi_tag_relation.id }
     assert_response :success
 
     # valid delete should return the new version number, which should
@@ -609,23 +609,23 @@ class RelationControllerTest < ActionController::TestCase
 
     # this won't work since the relation is already deleted
     content update_changeset(deleted_relation.to_xml, changeset.id)
-    delete :delete, :id => deleted_relation.id
+    delete :delete, :params => { :id => deleted_relation.id }
     assert_response :gone
 
     # Public visible relation needs to be deleted
     content update_changeset(super_relation.to_xml, changeset.id)
-    delete :delete, :id => super_relation.id
+    delete :delete, :params => { :id => super_relation.id }
     assert_response :success
 
     # this works now because the relation which was using this one
     # has been deleted.
     content update_changeset(used_relation.to_xml, changeset.id)
-    delete :delete, :id => used_relation.id
+    delete :delete, :params => { :id => used_relation.id }
     assert_response :success,
                     "should be able to delete a relation used in an old relation (#{@response.body})"
 
     # this won't work since the relation never existed
-    delete :delete, :id => 0
+    delete :delete, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -656,7 +656,7 @@ class RelationControllerTest < ActionController::TestCase
 
       # upload the change
       content relation_xml
-      put :update, :id => relation.id
+      put :update, :params => { :id => relation.id }
       assert_response :success, "can't update relation for tag/bbox test"
     end
   end
@@ -690,11 +690,11 @@ class RelationControllerTest < ActionController::TestCase
 
         # upload the change
         content relation_xml
-        put :update, :id => relation.id
+        put :update, :params => { :id => relation.id }
         assert_response :success, "can't update relation for add #{element.class}/bbox test: #{@response.body}"
 
         # get it back and check the ordering
-        get :read, :id => relation.id
+        get :read, :params => { :id => relation.id }
         assert_response :success, "can't read back the relation: #{@response.body}"
         check_ordering(relation_xml, @response.body)
       end
@@ -723,7 +723,7 @@ class RelationControllerTest < ActionController::TestCase
 
       # upload the change
       content relation_xml
-      put :update, :id => relation.id
+      put :update, :params => { :id => relation.id }
       assert_response :success, "can't update relation for remove node/bbox test"
     end
   end
@@ -759,7 +759,7 @@ OSM
     relation_id = @response.body.to_i
 
     # get it back and check the ordering
-    get :read, :id => relation_id
+    get :read, :params => { :id => relation_id }
     assert_response :success, "can't read back the relation: #{@response.body}"
     check_ordering(doc, @response.body)
 
@@ -775,18 +775,18 @@ OSM
 
     # upload the next version of the relation
     content doc
-    put :update, :id => relation_id
+    put :update, :params => { :id => relation_id }
     assert_response :success, "can't update relation: #{@response.body}"
     assert_equal 2, @response.body.to_i
 
     # get it back again and check the ordering again
-    get :read, :id => relation_id
+    get :read, :params => { :id => relation_id }
     assert_response :success, "can't read back the relation: #{@response.body}"
     check_ordering(doc, @response.body)
 
     # check the ordering in the history tables:
     with_controller(OldRelationController.new) do
-      get :version, :id => relation_id, :version => 2
+      get :version, :params => { :id => relation_id, :version => 2 }
       assert_response :success, "can't read back version 2 of the relation #{relation_id}"
       check_ordering(doc, @response.body)
     end
@@ -829,7 +829,7 @@ OSM
     relation_id = @response.body.to_i
 
     # get it back and check the ordering
-    get :read, :id => relation_id
+    get :read, :params => { :id => relation_id }
     assert_response :success, "can't read back the relation: #{relation_id}"
     check_ordering(doc, @response.body)
   end
@@ -863,13 +863,13 @@ OSM
     relation_id = @response.body.to_i
 
     # check the ordering in the current tables:
-    get :read, :id => relation_id
+    get :read, :params => { :id => relation_id }
     assert_response :success, "can't read back the relation: #{@response.body}"
     check_ordering(doc, @response.body)
 
     # check the ordering in the history tables:
     with_controller(OldRelationController.new) do
-      get :version, :id => relation_id, :version => 1
+      get :version, :params => { :id => relation_id, :version => 1 }
       assert_response :success, "can't read back version 1 of the relation: #{@response.body}"
       check_ordering(doc, @response.body)
     end
@@ -898,7 +898,7 @@ OSM
 
       # upload the change
       content relation_xml
-      put :update, :id => relation.id
+      put :update, :params => { :id => relation.id }
       assert_response :success, "can't update relation for remove all members test"
       checkrelation = Relation.find(relation.id)
       assert_not_nil(checkrelation,
@@ -963,7 +963,7 @@ OSM
 
     # now download the changeset to check its bounding box
     with_controller(ChangesetController.new) do
-      get :read, :id => changeset_id
+      get :read, :params => { :id => changeset_id }
       assert_response :success, "can't re-read changeset for modify test"
       assert_select "osm>changeset", 1, "Changeset element doesn't exist in #{@response.body}"
       assert_select "osm>changeset[id='#{changeset_id}']", 1, "Changeset id=#{changeset_id} doesn't exist in #{@response.body}"
@@ -980,10 +980,10 @@ OSM
   # doc is returned.
   def with_relation(id, ver = nil)
     if ver.nil?
-      get :read, :id => id
+      get :read, :params => { :id => id }
     else
       with_controller(OldRelationController.new) do
-        get :version, :id => id, :version => ver
+        get :version, :params => { :id => id, :version => ver }
       end
     end
     assert_response :success
@@ -997,12 +997,12 @@ OSM
   def with_update(rel)
     rel_id = rel.find("//osm/relation").first["id"].to_i
     content rel
-    put :update, :id => rel_id
+    put :update, :params => { :id => rel_id }
     assert_response :success, "can't update relation: #{@response.body}"
     version = @response.body.to_i
 
     # now get the new version
-    get :read, :id => rel_id
+    get :read, :params => { :id => rel_id }
     assert_response :success
     new_rel = xml_parse(@response.body)
 
@@ -1029,13 +1029,13 @@ OSM
       modify << doc.import(rel.find("//osm/relation").first)
 
       content doc.to_s
-      post :upload, :id => cs_id
+      post :upload, :params => { :id => cs_id }
       assert_response :success, "can't upload diff relation: #{@response.body}"
       version = xml_parse(@response.body).find("//diffResult/relation").first["new_version"].to_i
     end
 
     # now get the new version
-    get :read, :id => rel_id
+    get :read, :params => { :id => rel_id }
     assert_response :success
     new_rel = xml_parse(@response.body)
 
diff --git a/test/controllers/search_controller_test.rb b/test/controllers/search_controller_test.rb
index 5b27666d9..49a70f1b0 100644
--- a/test/controllers/search_controller_test.rb
+++ b/test/controllers/search_controller_test.rb
@@ -25,15 +25,15 @@ class SearchControllerTest < ActionController::TestCase
   ##
   # test searching nodes
   def test_search_nodes
-    get :search_nodes, :type => "test"
+    get :search_nodes, :params => { :type => "test" }
     assert_response :service_unavailable
     assert_equal "Searching of nodes is currently unavailable", response.headers["Error"]
 
-    get :search_nodes, :type => "test", :value => "yes"
+    get :search_nodes, :params => { :type => "test", :value => "yes" }
     assert_response :service_unavailable
     assert_equal "Searching of nodes is currently unavailable", response.headers["Error"]
 
-    get :search_nodes, :name => "Test Node"
+    get :search_nodes, :params => { :name => "Test Node" }
     assert_response :service_unavailable
     assert_equal "Searching of nodes is currently unavailable", response.headers["Error"]
   end
@@ -50,15 +50,15 @@ class SearchControllerTest < ActionController::TestCase
     end
     create(:way_tag, :way => third_way, :k => "name", :v => "Test Way")
 
-    get :search_ways, :type => "test"
+    get :search_ways, :params => { :type => "test" }
     assert_response :service_unavailable
     assert_equal "Searching for a key without value is currently unavailable", response.headers["Error"]
 
-    get :search_ways, :type => "test", :value => "yes"
+    get :search_ways, :params => { :type => "test", :value => "yes" }
     assert_response :success
     assert_select "way", 3
 
-    get :search_ways, :name => "Test Way"
+    get :search_ways, :params => { :name => "Test Way" }
     assert_response :success
     assert_select "way", 1
   end
@@ -75,15 +75,15 @@ class SearchControllerTest < ActionController::TestCase
     end
     create(:relation_tag, :relation => third_relation, :k => "name", :v => "Test Relation")
 
-    get :search_relations, :type => "test"
+    get :search_relations, :params => { :type => "test" }
     assert_response :service_unavailable
     assert_equal "Searching for a key without value is currently unavailable", response.headers["Error"]
 
-    get :search_relations, :type => "test", :value => "yes"
+    get :search_relations, :params => { :type => "test", :value => "yes" }
     assert_response :success
     assert_select "relation", 3
 
-    get :search_relations, :name => "Test Relation"
+    get :search_relations, :params => { :name => "Test Relation" }
     assert_response :success
     assert_select "relation", 1
   end
@@ -91,15 +91,15 @@ class SearchControllerTest < ActionController::TestCase
   ##
   # test searching nodes, ways and relations
   def test_search_all
-    get :search_all, :type => "test"
+    get :search_all, :params => { :type => "test" }
     assert_response :service_unavailable
     assert_equal "Searching of nodes is currently unavailable", response.headers["Error"]
 
-    get :search_all, :type => "test", :value => "yes"
+    get :search_all, :params => { :type => "test", :value => "yes" }
     assert_response :service_unavailable
     assert_equal "Searching of nodes is currently unavailable", response.headers["Error"]
 
-    get :search_all, :name => "Test"
+    get :search_all, :params => { :name => "Test" }
     assert_response :service_unavailable
     assert_equal "Searching of nodes is currently unavailable", response.headers["Error"]
   end
diff --git a/test/controllers/site_controller_test.rb b/test/controllers/site_controller_test.rb
index 58379c0ea..b8941ed30 100644
--- a/test/controllers/site_controller_test.rb
+++ b/test/controllers/site_controller_test.rb
@@ -91,71 +91,71 @@ class SiteControllerTest < ActionController::TestCase
 
   # Test the index page redirects
   def test_index_redirect
-    get :index, :node => 123
+    get :index, :params => { :node => 123 }
     assert_redirected_to :controller => :browse, :action => :node, :id => 123
 
-    get :index, :way => 123
+    get :index, :params => { :way => 123 }
     assert_redirected_to :controller => :browse, :action => :way, :id => 123
 
-    get :index, :relation => 123
+    get :index, :params => { :relation => 123 }
     assert_redirected_to :controller => :browse, :action => :relation, :id => 123
 
-    get :index, :note => 123
+    get :index, :params => { :note => 123 }
     assert_redirected_to :controller => :browse, :action => :note, :id => 123
 
-    get :index, :query => "test"
+    get :index, :params => { :query => "test" }
     assert_redirected_to :controller => :geocoder, :action => :search, :query => "test"
 
-    get :index, :lat => 4, :lon => 5
+    get :index, :params => { :lat => 4, :lon => 5 }
     assert_redirected_to :controller => :site, :action => :index, :anchor => "map=5/4/5"
 
-    get :index, :lat => 4, :lon => 5, :zoom => 3
+    get :index, :params => { :lat => 4, :lon => 5, :zoom => 3 }
     assert_redirected_to :controller => :site, :action => :index, :anchor => "map=3/4/5"
 
-    get :index, :layers => "T"
+    get :index, :params => { :layers => "T" }
     assert_redirected_to :controller => :site, :action => :index, :anchor => "layers=T"
 
-    get :index, :notes => "yes"
+    get :index, :params => { :notes => "yes" }
     assert_redirected_to :controller => :site, :action => :index, :anchor => "layers=N"
 
-    get :index, :lat => 4, :lon => 5, :zoom => 3, :layers => "T"
+    get :index, :params => { :lat => 4, :lon => 5, :zoom => 3, :layers => "T" }
     assert_redirected_to :controller => :site, :action => :index, :anchor => "map=3/4/5&layers=T"
   end
 
   # Test the permalink redirect
   def test_permalink
-    get :permalink, :code => "wBz3--"
+    get :permalink, :params => { :code => "wBz3--" }
     assert_response :redirect
     assert_redirected_to :controller => :site, :action => :index, :anchor => "map=3/4.8779296875/3.955078125"
 
-    get :permalink, :code => "wBz3--", :m => ""
+    get :permalink, :params => { :code => "wBz3--", :m => "" }
     assert_response :redirect
     assert_redirected_to :controller => :site, :action => :index, :mlat => "4.8779296875", :mlon => "3.955078125", :anchor => "map=3/4.8779296875/3.955078125"
 
-    get :permalink, :code => "wBz3--", :layers => "T"
+    get :permalink, :params => { :code => "wBz3--", :layers => "T" }
     assert_response :redirect
     assert_redirected_to :controller => :site, :action => :index, :anchor => "map=3/4.8779296875/3.955078125&layers=T"
 
-    get :permalink, :code => "wBz3--", :node => 1
+    get :permalink, :params => { :code => "wBz3--", :node => 1 }
     assert_response :redirect
     assert_redirected_to :controller => :browse, :action => :node, :id => 1, :anchor => "map=3/4.8779296875/3.955078125"
 
-    get :permalink, :code => "wBz3--", :way => 2
+    get :permalink, :params => { :code => "wBz3--", :way => 2 }
     assert_response :redirect
     assert_redirected_to :controller => :browse, :action => :way, :id => 2, :anchor => "map=3/4.8779296875/3.955078125"
 
-    get :permalink, :code => "wBz3--", :relation => 3
+    get :permalink, :params => { :code => "wBz3--", :relation => 3 }
     assert_response :redirect
     assert_redirected_to :controller => :browse, :action => :relation, :id => 3, :anchor => "map=3/4.8779296875/3.955078125"
 
-    get :permalink, :code => "wBz3--", :changeset => 4
+    get :permalink, :params => { :code => "wBz3--", :changeset => 4 }
     assert_response :redirect
     assert_redirected_to :controller => :browse, :action => :changeset, :id => 4, :anchor => "map=3/4.8779296875/3.955078125"
   end
 
   # Test the key page
   def test_key
-    xhr :get, :key
+    get :key, :xhr => true
     assert_response :success
     assert_template "key"
     assert_template :layout => false
@@ -170,7 +170,7 @@ class SiteControllerTest < ActionController::TestCase
 
   # Test the right editor gets used when the user hasn't set a preference
   def test_edit_without_preference
-    get :edit, nil, :user => create(:user)
+    get :edit, :session => { :user => create(:user) }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_#{DEFAULT_EDITOR}", :count => 1
@@ -182,7 +182,7 @@ class SiteControllerTest < ActionController::TestCase
     user.preferred_editor = "id"
     user.save!
 
-    get :edit, nil, :user => user
+    get :edit, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_id", :count => 1
@@ -191,7 +191,7 @@ class SiteControllerTest < ActionController::TestCase
     user.preferred_editor = "potlatch2"
     user.save!
 
-    get :edit, nil, :user => user
+    get :edit, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_potlatch2", :count => 1
@@ -200,7 +200,7 @@ class SiteControllerTest < ActionController::TestCase
     user.preferred_editor = "potlatch"
     user.save!
 
-    get :edit, nil, :user => user
+    get :edit, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_potlatch", :count => 1
@@ -209,29 +209,29 @@ class SiteControllerTest < ActionController::TestCase
     user.preferred_editor = "remote"
     user.save!
 
-    get :edit, nil, :user => user
+    get :edit, :session => { :user => user }
     assert_response :success
     assert_template "index"
   end
 
   # Test the right editor gets used when the URL has an override
   def test_edit_with_override
-    get :edit, { :editor => "id" }, { :user => create(:user) }
+    get :edit, :params => { :editor => "id" }, :session => { :user => create(:user) }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_id", :count => 1
 
-    get :edit, { :editor => "potlatch2" }, { :user => create(:user) }
+    get :edit, :params => { :editor => "potlatch2" }, :session => { :user => create(:user) }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_potlatch2", :count => 1
 
-    get :edit, { :editor => "potlatch" }, { :user => create(:user) }
+    get :edit, :params => { :editor => "potlatch" }, :session => { :user => create(:user) }
     assert_response :success
     assert_template "edit"
     assert_template :partial => "_potlatch", :count => 1
 
-    get :edit, { :editor => "remote" }, { :user => create(:user) }
+    get :edit, :params => { :editor => "remote" }, :session => { :user => create(:user) }
     assert_response :success
     assert_template "index"
   end
@@ -241,7 +241,7 @@ class SiteControllerTest < ActionController::TestCase
     user = create(:user)
     node = create(:node, :lat => 1.0, :lon => 1.0)
 
-    get :edit, { :node => node.id }, { :user => user }
+    get :edit, :params => { :node => node.id }, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_equal 1.0, assigns(:lat)
@@ -256,7 +256,7 @@ class SiteControllerTest < ActionController::TestCase
     way  = create(:way)
     create(:way_node, :node => node, :way => way)
 
-    get :edit, { :way => way.id }, { :user => user }
+    get :edit, :params => { :way => way.id }, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_equal 3.0, assigns(:lat)
@@ -271,7 +271,7 @@ class SiteControllerTest < ActionController::TestCase
       n.comments.create(:author_id => user.id)
     end
 
-    get :edit, { :note => note.id }, { :user => user }
+    get :edit, :params => { :note => note.id }, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_equal 1.0, assigns(:lat)
@@ -284,7 +284,7 @@ class SiteControllerTest < ActionController::TestCase
     user = create(:user)
     gpx  = create(:trace, :latitude => 1, :longitude => 1)
 
-    get :edit, { :gpx => gpx.id }, { :user => user }
+    get :edit, :params => { :gpx => gpx.id }, :session => { :user => user }
     assert_response :success
     assert_template "edit"
     assert_equal 1.0, assigns(:lat)
@@ -294,13 +294,13 @@ class SiteControllerTest < ActionController::TestCase
 
   # Test the edit page redirects
   def test_edit_redirect
-    get :edit, :lat => 4, :lon => 5
+    get :edit, :params => { :lat => 4, :lon => 5 }
     assert_redirected_to :controller => :site, :action => :edit, :anchor => "map=5/4/5"
 
-    get :edit, :lat => 4, :lon => 5, :zoom => 3
+    get :edit, :params => { :lat => 4, :lon => 5, :zoom => 3 }
     assert_redirected_to :controller => :site, :action => :edit, :anchor => "map=3/4/5"
 
-    get :edit, :lat => 4, :lon => 5, :zoom => 3, :editor => "id"
+    get :edit, :params => { :lat => 4, :lon => 5, :zoom => 3, :editor => "id" }
     assert_redirected_to :controller => :site, :action => :edit, :editor => "id", :anchor => "map=3/4/5"
   end
 
@@ -317,7 +317,7 @@ class SiteControllerTest < ActionController::TestCase
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => "/welcome"
 
-    get :welcome, nil, :user => create(:user)
+    get :welcome, :session => { :user => create(:user) }
     assert_response :success
     assert_template "welcome"
   end
@@ -350,7 +350,7 @@ class SiteControllerTest < ActionController::TestCase
     assert_template "export"
     assert_template :layout => "map"
 
-    xhr :get, :export
+    get :export, :xhr => true
     assert_response :success
     assert_template "export"
     assert_template :layout => "xhr"
@@ -365,19 +365,19 @@ class SiteControllerTest < ActionController::TestCase
 
   # Test the rich text preview
   def test_preview
-    xhr :post, :preview, :type => "html"
+    post :preview, :xhr => true, :params => { :type => "html" }
     assert_response :success
 
-    xhr :post, :preview, :type => "markdown"
+    post :preview, :xhr => true, :params => { :type => "markdown" }
     assert_response :success
 
-    xhr :post, :preview, :type => "text"
+    post :preview, :xhr => true, :params => { :type => "text" }
     assert_response :success
   end
 
   # Test the id frame
   def test_id
-    get :id, nil, :user => create(:user)
+    get :id, :session => { :user => create(:user) }
     assert_response :success
     assert_template "id"
     assert_template :layout => false
diff --git a/test/controllers/swf_controller_test.rb b/test/controllers/swf_controller_test.rb
index 953bf33ab..6848f9a65 100644
--- a/test/controllers/swf_controller_test.rb
+++ b/test/controllers/swf_controller_test.rb
@@ -23,19 +23,19 @@ class SwfControllerTest < ActionController::TestCase
       create(:tracepoint, :trace => trace, :latitude => (51.512 * GeoRecord::SCALE).to_i, :longitude => (0.142 * GeoRecord::SCALE).to_i)
     end
 
-    get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1
+    get :trackpoints, :params => { :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1 }
     assert_response :success
     assert_equal "application/x-shockwave-flash", response.content_type
     assert_match /^FWS/, response.body
     assert_equal 80, response.body.length
 
-    get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => other_user.tokens.create.token
+    get :trackpoints, :params => { :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => other_user.tokens.create.token }
     assert_response :success
     assert_equal "application/x-shockwave-flash", response.content_type
     assert_match /^FWS/, response.body
     assert_equal 67, response.body.length
 
-    get :trackpoints, :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => user.tokens.create.token
+    get :trackpoints, :params => { :xmin => -1, :xmax => 1, :ymin => 51, :ymax => 52, :baselong => 0, :basey => 0, :masterscale => 1, :token => user.tokens.create.token }
     assert_response :success
     assert_equal "application/x-shockwave-flash", response.content_type
     assert_match /^FWS/, response.body
diff --git a/test/controllers/trace_controller_test.rb b/test/controllers/trace_controller_test.rb
index bac53e74c..1e7642e36 100644
--- a/test/controllers/trace_controller_test.rb
+++ b/test/controllers/trace_controller_test.rb
@@ -185,15 +185,15 @@ class TraceControllerTest < ActionController::TestCase
     check_trace_list [trace_b, trace_a]
 
     # Restrict traces to those with a given tag
-    get :list, :tag => "London"
+    get :list, :params => { :tag => "London" }
     check_trace_list [trace_a]
 
     # Should see more when we are logged in
-    get :list, {}, { :user => user }
+    get :list, :session => { :user => user }
     check_trace_list [trace_d, trace_c, trace_b, trace_a]
 
     # Again, we should see more when we are logged in
-    get :list, { :tag => "London" }, { :user => user }
+    get :list, :params => { :tag => "London" }, :session => { :user => user }
     check_trace_list [trace_c, trace_a]
   end
 
@@ -212,11 +212,11 @@ class TraceControllerTest < ActionController::TestCase
     assert_redirected_to :controller => "user", :action => "login", :referer => "/traces/mine"
 
     # Now try when logged in
-    get :mine, {}, { :user => user }
+    get :mine, :session => { :user => user }
     assert_redirected_to :controller => "trace", :action => "list", :display_name => user.display_name
 
     # Fetch the actual list
-    get :list, { :display_name => user.display_name }, { :user => user }
+    get :list, :params => { :display_name => user.display_name }, :session => { :user => user }
     check_trace_list [trace_b]
   end
 
@@ -232,27 +232,27 @@ class TraceControllerTest < ActionController::TestCase
     end
 
     # Test a user with no traces
-    get :list, :display_name => second_user.display_name
+    get :list, :params => { :display_name => second_user.display_name }
     check_trace_list []
 
     # Test the user with the traces - should see only public ones
-    get :list, :display_name => user.display_name
+    get :list, :params => { :display_name => user.display_name }
     check_trace_list [trace_b]
 
     # Should still see only public ones when authenticated as another user
-    get :list, { :display_name => user.display_name }, { :user => third_user }
+    get :list, :params => { :display_name => user.display_name }, :session => { :user => third_user }
     check_trace_list [trace_b]
 
     # Should see all traces when authenticated as the target user
-    get :list, { :display_name => user.display_name }, { :user => user }
+    get :list, :params => { :display_name => user.display_name }, :session => { :user => user }
     check_trace_list [trace_c, trace_b]
 
     # Should only see traces with the correct tag when a tag is specified
-    get :list, { :display_name => user.display_name, :tag => "London" }, { :user => user }
+    get :list, :params => { :display_name => user.display_name, :tag => "London" }, :session => { :user => user }
     check_trace_list [trace_c]
 
     # Should get an error if the user does not exist
-    get :list, :display_name => "UnknownUser"
+    get :list, :params => { :display_name => "UnknownUser" }
     assert_response :not_found
     assert_template "user/no_such_user"
   end
@@ -262,19 +262,19 @@ class TraceControllerTest < ActionController::TestCase
     user = create(:user)
 
     # First with the public feed
-    get :georss, :format => :rss
+    get :georss, :params => { :format => :rss }
     check_trace_feed Trace.visible_to_all
 
     # Restrict traces to those with a given tag
-    get :georss, :tag => "London", :format => :rss
+    get :georss, :params => { :tag => "London", :format => :rss }
     check_trace_feed Trace.tagged("London").visible_to_all
 
     # Restrict traces to those for a given user
-    get :georss, :display_name => user.display_name, :format => :rss
+    get :georss, :params => { :display_name => user.display_name, :format => :rss }
     check_trace_feed user.traces.visible_to_all
 
     # Restrict traces to those for a given user with a tiven tag
-    get :georss, :display_name => user.display_name, :tag => "Birmingham", :format => :rss
+    get :georss, :params => { :display_name => user.display_name, :tag => "Birmingham", :format => :rss }
     check_trace_feed user.traces.tagged("Birmingham").visible_to_all
   end
 
@@ -283,15 +283,15 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public")
 
     # First with no auth, which should work since the trace is public
-    get :view, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    get :view, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     check_trace_view public_trace_file
 
     # Now with some other user, which should work since the trace is public
-    get :view, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    get :view, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     check_trace_view public_trace_file
 
     # And finally we should be able to do it with the owner of the trace
-    get :view, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    get :view, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     check_trace_view public_trace_file
   end
 
@@ -300,17 +300,17 @@ class TraceControllerTest < ActionController::TestCase
     anon_trace_file = create(:trace, :visibility => "private")
 
     # First with no auth
-    get :view, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+    get :view, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
     assert_response :redirect
     assert_redirected_to :action => :list
 
     # Now with some other user, which should not work since the trace is anon
-    get :view, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => create(:user) }
+    get :view, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
     assert_response :redirect
     assert_redirected_to :action => :list
 
     # And finally we should be able to do it with the owner of the trace
-    get :view, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => anon_trace_file.user }
+    get :view, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
     check_trace_view anon_trace_file
   end
 
@@ -319,12 +319,12 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with a trace that has never existed
-    get :view, :display_name => create(:user).display_name, :id => 0
+    get :view, :params => { :display_name => create(:user).display_name, :id => 0 }
     assert_response :redirect
     assert_redirected_to :action => :list
 
     # Now with a trace that has been deleted
-    get :view, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    get :view, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :redirect
     assert_redirected_to :action => :list
   end
@@ -334,15 +334,15 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
 
     # First with no auth, which should work since the trace is public
-    get :data, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    get :data, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     check_trace_data public_trace_file
 
     # Now with some other user, which should work since the trace is public
-    get :data, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    get :data, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     check_trace_data public_trace_file
 
     # And finally we should be able to do it with the owner of the trace
-    get :data, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    get :data, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     check_trace_data public_trace_file
   end
 
@@ -351,15 +351,15 @@ class TraceControllerTest < ActionController::TestCase
     identifiable_trace_file = create(:trace, :visibility => "identifiable", :fixture => "d")
 
     # First get the data as is
-    get :data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id
+    get :data, :params => { :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id }
     check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
 
     # Now ask explicitly for XML format
-    get :data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "xml"
+    get :data, :params => { :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "xml" }
     check_trace_data identifiable_trace_file, "application/xml", "xml"
 
     # Now ask explicitly for GPX format
-    get :data, :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "gpx"
+    get :data, :params => { :display_name => identifiable_trace_file.user.display_name, :id => identifiable_trace_file.id, :format => "gpx" }
     check_trace_data identifiable_trace_file
   end
 
@@ -368,15 +368,15 @@ class TraceControllerTest < ActionController::TestCase
     anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
 
     # First with no auth
-    get :data, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+    get :data, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
     assert_response :not_found
 
     # Now with some other user, which shouldn't work since the trace is anon
-    get :data, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => create(:user) }
+    get :data, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
     assert_response :not_found
 
     # And finally we should be able to do it with the owner of the trace
-    get :data, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => anon_trace_file.user }
+    get :data, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
     check_trace_data anon_trace_file
   end
 
@@ -385,11 +385,11 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with a trace that has never existed
-    get :data, :display_name => create(:user).display_name, :id => 0
+    get :data, :params => { :display_name => create(:user).display_name, :id => 0 }
     assert_response :not_found
 
     # Now with a trace that has been deleted
-    get :data, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    get :data, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
   end
 
@@ -398,15 +398,15 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
 
     # First with no auth, which should work since the trace is public
-    get :picture, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    get :picture, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     check_trace_picture public_trace_file
 
     # Now with some other user, which should work since the trace is public
-    get :picture, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    get :picture, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     check_trace_picture public_trace_file
 
     # And finally we should be able to do it with the owner of the trace
-    get :picture, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    get :picture, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     check_trace_picture public_trace_file
   end
 
@@ -415,15 +415,15 @@ class TraceControllerTest < ActionController::TestCase
     anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
 
     # First with no auth
-    get :picture, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+    get :picture, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
     assert_response :forbidden
 
     # Now with some other user, which shouldn't work since the trace is anon
-    get :picture, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => create(:user) }
+    get :picture, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # And finally we should be able to do it with the owner of the trace
-    get :picture, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => anon_trace_file.user }
+    get :picture, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
     check_trace_picture anon_trace_file
   end
 
@@ -432,11 +432,11 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with a trace that has never existed
-    get :picture, :display_name => create(:user).display_name, :id => 0
+    get :picture, :params => { :display_name => create(:user).display_name, :id => 0 }
     assert_response :not_found
 
     # Now with a trace that has been deleted
-    get :picture, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    get :picture, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
   end
 
@@ -445,15 +445,15 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
 
     # First with no auth, which should work since the trace is public
-    get :icon, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    get :icon, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     check_trace_icon public_trace_file
 
     # Now with some other user, which should work since the trace is public
-    get :icon, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    get :icon, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     check_trace_icon public_trace_file
 
     # And finally we should be able to do it with the owner of the trace
-    get :icon, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    get :icon, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     check_trace_icon public_trace_file
   end
 
@@ -462,15 +462,15 @@ class TraceControllerTest < ActionController::TestCase
     anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
 
     # First with no auth
-    get :icon, :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id
+    get :icon, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }
     assert_response :forbidden
 
     # Now with some other user, which shouldn't work since the trace is anon
-    get :icon, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => create(:user) }
+    get :icon, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # And finally we should be able to do it with the owner of the trace
-    get :icon, { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, { :user => anon_trace_file.user }
+    get :icon, :params => { :display_name => anon_trace_file.user.display_name, :id => anon_trace_file.id }, :session => { :user => anon_trace_file.user }
     check_trace_icon anon_trace_file
   end
 
@@ -479,11 +479,11 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with a trace that has never existed
-    get :icon, :display_name => create(:user).display_name, :id => 0
+    get :icon, :params => { :display_name => create(:user).display_name, :id => 0 }
     assert_response :not_found
 
     # Now with a trace that has been deleted
-    get :icon, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    get :icon, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
   end
 
@@ -497,7 +497,7 @@ class TraceControllerTest < ActionController::TestCase
     # Now authenticated as a user with gps.trace.visibility set
     user = create(:user)
     create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
-    get :create, {}, { :user => user }
+    get :create, :session => { :user => user }
     assert_response :success
     assert_template :create
     assert_select "select#trace_visibility option[value=identifiable][selected]", 1
@@ -505,14 +505,14 @@ class TraceControllerTest < ActionController::TestCase
     # Now authenticated as a user with gps.trace.public set
     second_user = create(:user)
     create(:user_preference, :user => second_user, :k => "gps.trace.public", :v => "default")
-    get :create, {}, { :user => second_user }
+    get :create, :session => { :user => second_user }
     assert_response :success
     assert_template :create
     assert_select "select#trace_visibility option[value=public][selected]", 1
 
     # Now authenticated as a user with no preferences
     third_user = create(:user)
-    get :create, {}, { :user => third_user }
+    get :create, :session => { :user => third_user }
     assert_response :success
     assert_template :create
     assert_select "select#trace_visibility option[value=private][selected]", 1
@@ -526,13 +526,13 @@ class TraceControllerTest < ActionController::TestCase
     user = create(:user)
 
     # First with no auth
-    post :create, :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" }
+    post :create, :params => { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }
     assert_response :forbidden
 
     # Now authenticated
     create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
     assert_not_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
-    post :create, { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }, { :user => user }
+    post :create, :params => { :trace => { :gpx_file => file, :description => "New Trace", :tagstring => "new,trace", :visibility => "trackable" } }, :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => user.display_name
     assert_match /file has been uploaded/, flash[:notice]
@@ -553,24 +553,24 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with no auth
-    get :edit, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :referer => trace_edit_path(:display_name => public_trace_file.user.display_name, :id => public_trace_file.id)
 
     # Now with some other user, which should fail
-    get :edit, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # Now with a trace which doesn't exist
-    get :edit, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) }
+    get :edit, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user) }
     assert_response :not_found
 
     # Now with a trace which has been deleted
-    get :edit, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    get :edit, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
 
     # Finally with a trace that we are allowed to edit
-    get :edit, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    get :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     assert_response :success
   end
 
@@ -580,23 +580,23 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with no auth
-    post :edit, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     assert_response :forbidden
 
     # Now with some other user, which should fail
-    post :edit, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # Now with a trace which doesn't exist
-    post :edit, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) }
+    post :edit, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user) }
     assert_response :not_found
 
     # Now with a trace which has been deleted
-    post :edit, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    post :edit, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
 
     # Finally with a trace that we are allowed to edit
-    post :edit, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     assert_response :success
   end
 
@@ -609,23 +609,23 @@ class TraceControllerTest < ActionController::TestCase
     new_details = { :description => "Changed description", :tagstring => "new_tag", :visibility => "private" }
 
     # First with no auth
-    post :edit, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details
+    post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }
     assert_response :forbidden
 
     # Now with some other user, which should fail
-    post :edit, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }, { :user => create(:user) }
+    post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # Now with a trace which doesn't exist
-    post :edit, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user), :trace => new_details }
+    post :edit, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user), :trace => new_details }
     assert_response :not_found
 
     # Now with a trace which has been deleted
-    post :edit, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id, :trace => new_details }, { :user => deleted_trace_file.user }
+    post :edit, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id, :trace => new_details }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
 
     # Finally with a trace that we are allowed to edit
-    post :edit, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }, { :user => public_trace_file.user }
+    post :edit, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id, :trace => new_details }, :session => { :user => public_trace_file.user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => public_trace_file.user.display_name
     trace = Trace.find(public_trace_file.id)
@@ -640,23 +640,23 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # First with no auth
-    post :delete, :display_name => public_trace_file.user.display_name, :id => public_trace_file.id
+    post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }
     assert_response :forbidden
 
     # Now with some other user, which should fail
-    post :delete, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => create(:user) }
+    post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # Now with a trace which doesn't exist
-    post :delete, { :display_name => create(:user).display_name, :id => 0 }, { :user => create(:user) }
+    post :delete, :params => { :display_name => create(:user).display_name, :id => 0 }, :session => { :user => create(:user) }
     assert_response :not_found
 
     # Now with a trace has already been deleted
-    post :delete, { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, { :user => deleted_trace_file.user }
+    post :delete, :params => { :display_name => deleted_trace_file.user.display_name, :id => deleted_trace_file.id }, :session => { :user => deleted_trace_file.user }
     assert_response :not_found
 
     # Finally with a trace that we are allowed to delete
-    post :delete, { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, { :user => public_trace_file.user }
+    post :delete, :params => { :display_name => public_trace_file.user.display_name, :id => public_trace_file.id }, :session => { :user => public_trace_file.user }
     assert_response :redirect
     assert_redirected_to :action => :list, :display_name => public_trace_file.user.display_name
     trace = Trace.find(public_trace_file.id)
@@ -668,17 +668,17 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public")
 
     # First with no auth
-    get :api_read, :id => public_trace_file.id
+    get :api_read, :params => { :id => public_trace_file.id }
     assert_response :unauthorized
 
     # Now with some other user, which should work since the trace is public
     basic_authorization(create(:user).display_name, "test")
-    get :api_read, :id => public_trace_file.id
+    get :api_read, :params => { :id => public_trace_file.id }
     assert_response :success
 
     # And finally we should be able to do it with the owner of the trace
     basic_authorization(public_trace_file.user.display_name, "test")
-    get :api_read, :id => public_trace_file.id
+    get :api_read, :params => { :id => public_trace_file.id }
     assert_response :success
   end
 
@@ -687,17 +687,17 @@ class TraceControllerTest < ActionController::TestCase
     anon_trace_file = create(:trace, :visibility => "private")
 
     # First with no auth
-    get :api_read, :id => anon_trace_file.id
+    get :api_read, :params => { :id => anon_trace_file.id }
     assert_response :unauthorized
 
     # Now try with another user, which shouldn't work since the trace is anon
     basic_authorization(create(:user).display_name, "test")
-    get :api_read, :id => anon_trace_file.id
+    get :api_read, :params => { :id => anon_trace_file.id }
     assert_response :forbidden
 
     # And finally we should be able to get the trace details with the trace owner
     basic_authorization(anon_trace_file.user.display_name, "test")
-    get :api_read, :id => anon_trace_file.id
+    get :api_read, :params => { :id => anon_trace_file.id }
     assert_response :success
   end
 
@@ -706,17 +706,17 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # Try first with no auth, as it should require it
-    get :api_read, :id => 0
+    get :api_read, :params => { :id => 0 }
     assert_response :unauthorized
 
     # Login, and try again
     basic_authorization(deleted_trace_file.user.display_name, "test")
-    get :api_read, :id => 0
+    get :api_read, :params => { :id => 0 }
     assert_response :not_found
 
     # Now try a trace which did exist but has been deleted
     basic_authorization(deleted_trace_file.user.display_name, "test")
-    get :api_read, :id => deleted_trace_file.id
+    get :api_read, :params => { :id => deleted_trace_file.id }
     assert_response :not_found
   end
 
@@ -725,17 +725,17 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public", :fixture => "a")
 
     # First with no auth
-    get :api_data, :id => public_trace_file.id
+    get :api_data, :params => { :id => public_trace_file.id }
     assert_response :unauthorized
 
     # Now with some other user, which should work since the trace is public
     basic_authorization(create(:user).display_name, "test")
-    get :api_data, :id => public_trace_file.id
+    get :api_data, :params => { :id => public_trace_file.id }
     check_trace_data public_trace_file
 
     # And finally we should be able to do it with the owner of the trace
     basic_authorization(public_trace_file.user.display_name, "test")
-    get :api_data, :id => public_trace_file.id
+    get :api_data, :params => { :id => public_trace_file.id }
     check_trace_data public_trace_file
   end
 
@@ -747,15 +747,15 @@ class TraceControllerTest < ActionController::TestCase
     basic_authorization(identifiable_trace_file.user.display_name, "test")
 
     # First get the data as is
-    get :api_data, :id => identifiable_trace_file.id
+    get :api_data, :params => { :id => identifiable_trace_file.id }
     check_trace_data identifiable_trace_file, "application/x-gzip", "gpx.gz"
 
     # Now ask explicitly for XML format
-    get :api_data, :id => identifiable_trace_file.id, :format => "xml"
+    get :api_data, :params => { :id => identifiable_trace_file.id, :format => "xml" }
     check_trace_data identifiable_trace_file, "application/xml", "xml"
 
     # Now ask explicitly for GPX format
-    get :api_data, :id => identifiable_trace_file.id, :format => "gpx"
+    get :api_data, :params => { :id => identifiable_trace_file.id, :format => "gpx" }
     check_trace_data identifiable_trace_file
   end
 
@@ -764,17 +764,17 @@ class TraceControllerTest < ActionController::TestCase
     anon_trace_file = create(:trace, :visibility => "private", :fixture => "b")
 
     # First with no auth
-    get :api_data, :id => anon_trace_file.id
+    get :api_data, :params => { :id => anon_trace_file.id }
     assert_response :unauthorized
 
     # Now with some other user, which shouldn't work since the trace is anon
     basic_authorization(create(:user).display_name, "test")
-    get :api_data, :id => anon_trace_file.id
+    get :api_data, :params => { :id => anon_trace_file.id }
     assert_response :forbidden
 
     # And finally we should be able to do it with the owner of the trace
     basic_authorization(anon_trace_file.user.display_name, "test")
-    get :api_data, :id => anon_trace_file.id
+    get :api_data, :params => { :id => anon_trace_file.id }
     check_trace_data anon_trace_file
   end
 
@@ -783,17 +783,17 @@ class TraceControllerTest < ActionController::TestCase
     deleted_trace_file = create(:trace, :deleted)
 
     # Try first with no auth, as it should require it
-    get :api_data, :id => 0
+    get :api_data, :params => { :id => 0 }
     assert_response :unauthorized
 
     # Login, and try again
     basic_authorization(create(:user).display_name, "test")
-    get :api_data, :id => 0
+    get :api_data, :params => { :id => 0 }
     assert_response :not_found
 
     # Now try a trace which did exist but has been deleted
     basic_authorization(deleted_trace_file.user.display_name, "test")
-    get :api_data, :id => deleted_trace_file.id
+    get :api_data, :params => { :id => deleted_trace_file.id }
     assert_response :not_found
   end
 
@@ -805,14 +805,14 @@ class TraceControllerTest < ActionController::TestCase
     user = create(:user)
 
     # First with no auth
-    post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable"
+    post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable" }
     assert_response :unauthorized
 
     # Now authenticated
     create(:user_preference, :user => user, :k => "gps.trace.visibility", :v => "identifiable")
     assert_not_equal "trackable", user.preferences.where(:k => "gps.trace.visibility").first.v
     basic_authorization(user.display_name, "test")
-    post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable"
+    post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :visibility => "trackable" }
     assert_response :success
     trace = Trace.find(response.body.to_i)
     assert_equal "a.gpx", trace.name
@@ -830,7 +830,7 @@ class TraceControllerTest < ActionController::TestCase
     # Now authenticated, with the legacy public flag
     assert_not_equal "public", user.preferences.where(:k => "gps.trace.visibility").first.v
     basic_authorization(user.display_name, "test")
-    post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :public => 1
+    post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :public => 1 }
     assert_response :success
     trace = Trace.find(response.body.to_i)
     assert_equal "a.gpx", trace.name
@@ -849,7 +849,7 @@ class TraceControllerTest < ActionController::TestCase
     second_user = create(:user)
     assert_nil second_user.preferences.where(:k => "gps.trace.visibility").first
     basic_authorization(second_user.display_name, "test")
-    post :api_create, :file => file, :description => "New Trace", :tags => "new,trace", :public => 0
+    post :api_create, :params => { :file => file, :description => "New Trace", :tags => "new,trace", :public => 0 }
     assert_response :success
     trace = Trace.find(response.body.to_i)
     assert_equal "a.gpx", trace.name
@@ -870,31 +870,31 @@ class TraceControllerTest < ActionController::TestCase
 
     # First with no auth
     content public_trace_file.to_xml
-    put :api_update, :id => public_trace_file.id
+    put :api_update, :params => { :id => public_trace_file.id }
     assert_response :unauthorized
 
     # Now with some other user, which should fail
     basic_authorization(create(:user).display_name, "test")
     content public_trace_file.to_xml
-    put :api_update, :id => public_trace_file.id
+    put :api_update, :params => { :id => public_trace_file.id }
     assert_response :forbidden
 
     # Now with a trace which doesn't exist
     basic_authorization(create(:user).display_name, "test")
     content public_trace_file.to_xml
-    put :api_update, :id => 0
+    put :api_update, :params => { :id => 0 }
     assert_response :not_found
 
     # Now with a trace which did exist but has been deleted
     basic_authorization(deleted_trace_file.user.display_name, "test")
     content deleted_trace_file.to_xml
-    put :api_update, :id => deleted_trace_file.id
+    put :api_update, :params => { :id => deleted_trace_file.id }
     assert_response :not_found
 
     # Now try an update with the wrong ID
     basic_authorization(public_trace_file.user.display_name, "test")
     content anon_trace_file.to_xml
-    put :api_update, :id => public_trace_file.id
+    put :api_update, :params => { :id => public_trace_file.id }
     assert_response :bad_request,
                     "should not be able to update a trace with a different ID from the XML"
 
@@ -904,7 +904,7 @@ class TraceControllerTest < ActionController::TestCase
     t.description = "Changed description"
     t.visibility = "private"
     content t.to_xml
-    put :api_update, :id => t.id
+    put :api_update, :params => { :id => t.id }
     assert_response :success
     nt = Trace.find(t.id)
     assert_equal nt.description, t.description
@@ -916,27 +916,27 @@ class TraceControllerTest < ActionController::TestCase
     public_trace_file = create(:trace, :visibility => "public")
 
     # First with no auth
-    delete :api_delete, :id => public_trace_file.id
+    delete :api_delete, :params => { :id => public_trace_file.id }
     assert_response :unauthorized
 
     # Now with some other user, which should fail
     basic_authorization(create(:user).display_name, "test")
-    delete :api_delete, :id => public_trace_file.id
+    delete :api_delete, :params => { :id => public_trace_file.id }
     assert_response :forbidden
 
     # Now with a trace which doesn't exist
     basic_authorization(create(:user).display_name, "test")
-    delete :api_delete, :id => 0
+    delete :api_delete, :params => { :id => 0 }
     assert_response :not_found
 
     # And finally we should be able to do it with the owner of the trace
     basic_authorization(public_trace_file.user.display_name, "test")
-    delete :api_delete, :id => public_trace_file.id
+    delete :api_delete, :params => { :id => public_trace_file.id }
     assert_response :success
 
     # Try it a second time, which should fail
     basic_authorization(public_trace_file.user.display_name, "test")
-    delete :api_delete, :id => public_trace_file.id
+    delete :api_delete, :params => { :id => public_trace_file.id }
     assert_response :not_found
   end
 
diff --git a/test/controllers/user_blocks_controller_test.rb b/test/controllers/user_blocks_controller_test.rb
index c821ea39e..7be619c2a 100644
--- a/test/controllers/user_blocks_controller_test.rb
+++ b/test/controllers/user_blocks_controller_test.rb
@@ -86,21 +86,21 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Viewing a block should fail when a bogus ID is given
-    get :show, :id => 99999
+    get :show, :params => { :id => 99999 }
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
 
     # Viewing an expired block should work
-    get :show, :id => expired_block.id
+    get :show, :params => { :id => expired_block.id }
     assert_response :success
 
     # Viewing a revoked block should work
-    get :show, :id => revoked_block.id
+    get :show, :params => { :id => revoked_block.id }
     assert_response :success
 
     # Viewing an active block should work, but shouldn't mark it as seen
-    get :show, :id => active_block.id
+    get :show, :params => { :id => active_block.id }
     assert_response :success
     assert_equal true, UserBlock.find(active_block.id).needs_view
 
@@ -108,7 +108,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     session[:user] = active_block.user.id
 
     # Now viewing it should mark it as seen
-    get :show, :id => active_block.id
+    get :show, :params => { :id => active_block.id }
     assert_response :success
     assert_equal false, UserBlock.find(active_block.id).needs_view
   end
@@ -119,14 +119,14 @@ class UserBlocksControllerTest < ActionController::TestCase
     target_user = create(:user)
 
     # Check that the block creation page requires us to login
-    get :new, :display_name => target_user.display_name
+    get :new, :params => { :display_name => target_user.display_name }
     assert_redirected_to login_path(:referer => new_user_block_path(:display_name => target_user.display_name))
 
     # Login as a normal user
     session[:user] = create(:user).id
 
     # Check that normal users can't load the block creation page
-    get :new, :display_name => target_user.display_name
+    get :new, :params => { :display_name => target_user.display_name }
     assert_redirected_to user_blocks_path
     assert_equal "You need to be a moderator to perform that action.", flash[:error]
 
@@ -134,7 +134,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     session[:user] = create(:moderator_user).id
 
     # Check that the block creation page loads for moderators
-    get :new, :display_name => target_user.display_name
+    get :new, :params => { :display_name => target_user.display_name }
     assert_response :success
     assert_select "form#new_user_block", :count => 1 do
       assert_select "textarea#user_block_reason", :count => 1
@@ -151,7 +151,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     assert_select "h1", "The user  does not exist"
 
     # We should get an error if the user doesn't exist
-    get :new, :display_name => "non_existent_user"
+    get :new, :params => { :display_name => "non_existent_user" }
     assert_response :not_found
     assert_template "user/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
@@ -163,14 +163,14 @@ class UserBlocksControllerTest < ActionController::TestCase
     active_block = create(:user_block)
 
     # Check that the block edit page requires us to login
-    get :edit, :id => active_block.id
+    get :edit, :params => { :id => active_block.id }
     assert_redirected_to login_path(:referer => edit_user_block_path(:id => active_block.id))
 
     # Login as a normal user
     session[:user] = create(:user).id
 
     # Check that normal users can't load the block edit page
-    get :edit, :id => active_block.id
+    get :edit, :params => { :id => active_block.id }
     assert_redirected_to user_blocks_path
     assert_equal "You need to be a moderator to perform that action.", flash[:error]
 
@@ -178,7 +178,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     session[:user] = create(:moderator_user).id
 
     # Check that the block edit page loads for moderators
-    get :edit, :id => active_block.id
+    get :edit, :params => { :id => active_block.id }
     assert_response :success
     assert_select "form#edit_user_block_#{active_block.id}", :count => 1 do
       assert_select "textarea#user_block_reason", :count => 1
@@ -193,7 +193,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # We should get an error if the user doesn't exist
-    get :edit, :id => 99999
+    get :edit, :params => { :id => 99999 }
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
@@ -222,8 +222,8 @@ class UserBlocksControllerTest < ActionController::TestCase
     # A bogus block period should result in an error
     assert_no_difference "UserBlock.count" do
       post :create,
-           :display_name => target_user.display_name,
-           :user_block_period => "99"
+           :params => { :display_name => target_user.display_name,
+                        :user_block_period => "99" }
     end
     assert_redirected_to new_user_block_path(:display_name => target_user.display_name)
     assert_equal "The blocking period must be one of the values selectable in the drop-down list.", flash[:error]
@@ -231,9 +231,9 @@ class UserBlocksControllerTest < ActionController::TestCase
     # Check that creating a block works
     assert_difference "UserBlock.count", 1 do
       post :create,
-           :display_name => target_user.display_name,
-           :user_block_period => "12",
-           :user_block => { :needs_view => false, :reason => "Vandalism" }
+           :params => { :display_name => target_user.display_name,
+                        :user_block_period => "12",
+                        :user_block => { :needs_view => false, :reason => "Vandalism" } }
     end
     id = UserBlock.order(:id).ids.last
     assert_redirected_to user_block_path(:id => id)
@@ -254,7 +254,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     assert_select "h1", "The user  does not exist"
 
     # We should get an error if the user doesn't exist
-    post :create, :display_name => "non_existent_user"
+    post :create, :params => { :display_name => "non_existent_user" }
     assert_response :not_found
     assert_template "user/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
@@ -268,14 +268,14 @@ class UserBlocksControllerTest < ActionController::TestCase
     active_block = create(:user_block, :creator => moderator_user)
 
     # Not logged in yet, so updating a block should fail
-    put :update, :id => active_block.id
+    put :update, :params => { :id => active_block.id }
     assert_response :forbidden
 
     # Login as a normal user
     session[:user] = create(:user).id
 
     # Check that normal users can't update blocks
-    put :update, :id => active_block.id
+    put :update, :params => { :id => active_block.id }
     assert_response :forbidden
 
     # Login as the wrong moderator
@@ -284,9 +284,9 @@ class UserBlocksControllerTest < ActionController::TestCase
     # Check that only the person who created a block can update it
     assert_no_difference "UserBlock.count" do
       put :update,
-          :id => active_block.id,
-          :user_block_period => "12",
-          :user_block => { :needs_view => true, :reason => "Vandalism" }
+          :params => { :id => active_block.id,
+                       :user_block_period => "12",
+                       :user_block => { :needs_view => true, :reason => "Vandalism" } }
     end
     assert_redirected_to edit_user_block_path(:id => active_block.id)
     assert_equal "Only the moderator who created this block can edit it.", flash[:error]
@@ -297,8 +297,8 @@ class UserBlocksControllerTest < ActionController::TestCase
     # A bogus block period should result in an error
     assert_no_difference "UserBlock.count" do
       put :update,
-          :id => active_block.id,
-          :user_block_period => "99"
+          :params => { :id => active_block.id,
+                       :user_block_period => "99" }
     end
     assert_redirected_to edit_user_block_path(:id => active_block.id)
     assert_equal "The blocking period must be one of the values selectable in the drop-down list.", flash[:error]
@@ -306,9 +306,9 @@ class UserBlocksControllerTest < ActionController::TestCase
     # Check that updating a block works
     assert_no_difference "UserBlock.count" do
       put :update,
-          :id => active_block.id,
-          :user_block_period => "12",
-          :user_block => { :needs_view => true, :reason => "Vandalism" }
+          :params => { :id => active_block.id,
+                       :user_block_period => "12",
+                       :user_block => { :needs_view => true, :reason => "Vandalism" } }
     end
     assert_redirected_to user_block_path(:id => active_block.id)
     assert_equal "Block updated.", flash[:notice]
@@ -323,7 +323,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # We should get an error if the block doesn't exist
-    put :update, :id => 99999
+    put :update, :params => { :id => 99999 }
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
@@ -335,14 +335,14 @@ class UserBlocksControllerTest < ActionController::TestCase
     active_block = create(:user_block)
 
     # Check that the block revoke page requires us to login
-    get :revoke, :id => active_block.id
+    get :revoke, :params => { :id => active_block.id }
     assert_redirected_to login_path(:referer => revoke_user_block_path(:id => active_block.id))
 
     # Login as a normal user
     session[:user] = create(:user).id
 
     # Check that normal users can't load the block revoke page
-    get :revoke, :id => active_block.id
+    get :revoke, :params => { :id => active_block.id }
     assert_redirected_to user_blocks_path
     assert_equal "You need to be a moderator to perform that action.", flash[:error]
 
@@ -350,7 +350,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     session[:user] = create(:moderator_user).id
 
     # Check that the block revoke page loads for moderators
-    get :revoke, :id => active_block.id
+    get :revoke, :params => { :id => active_block.id }
     assert_response :success
     assert_template "revoke"
     assert_select "form", :count => 1 do
@@ -359,7 +359,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Check that revoking a block works
-    post :revoke, :id => active_block.id, :confirm => true
+    post :revoke, :params => { :id => active_block.id, :confirm => true }
     assert_redirected_to user_block_path(:id => active_block.id)
     b = UserBlock.find(active_block.id)
     assert_in_delta Time.now, b.ends_at, 1
@@ -370,7 +370,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # We should get an error if the block doesn't exist
-    get :revoke, :id => 99999
+    get :revoke, :params => { :id => 99999 }
     assert_response :not_found
     assert_template "not_found"
     assert_select "p", "Sorry, the user block with ID 99999 could not be found."
@@ -392,19 +392,19 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Asking for a list of blocks with a bogus user name should fail
-    get :blocks_on, :display_name => "non_existent_user"
+    get :blocks_on, :params => { :display_name => "non_existent_user" }
     assert_response :not_found
     assert_template "user/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
 
     # Check the list of blocks for a user that has never been blocked
-    get :blocks_on, :display_name => normal_user.display_name
+    get :blocks_on, :params => { :display_name => normal_user.display_name }
     assert_response :success
     assert_select "table#block_list", false
     assert_select "p", "#{normal_user.display_name} has not been blocked yet."
 
     # Check the list of blocks for a user that is currently blocked
-    get :blocks_on, :display_name => blocked_user.display_name
+    get :blocks_on, :params => { :display_name => blocked_user.display_name }
     assert_response :success
     assert_select "table#block_list", :count => 1 do
       assert_select "tr", 3
@@ -413,7 +413,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Check the list of blocks for a user that has previously been blocked
-    get :blocks_on, :display_name => unblocked_user.display_name
+    get :blocks_on, :params => { :display_name => unblocked_user.display_name }
     assert_response :success
     assert_select "table#block_list", :count => 1 do
       assert_select "tr", 2
@@ -437,13 +437,13 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Asking for a list of blocks with a bogus user name should fail
-    get :blocks_by, :display_name => "non_existent_user"
+    get :blocks_by, :params => { :display_name => "non_existent_user" }
     assert_response :not_found
     assert_template "user/no_such_user"
     assert_select "h1", "The user non_existent_user does not exist"
 
     # Check the list of blocks given by one moderator
-    get :blocks_by, :display_name => moderator_user.display_name
+    get :blocks_by, :params => { :display_name => moderator_user.display_name }
     assert_response :success
     assert_select "table#block_list", :count => 1 do
       assert_select "tr", 2
@@ -451,7 +451,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Check the list of blocks given by a different moderator
-    get :blocks_by, :display_name => second_moderator_user.display_name
+    get :blocks_by, :params => { :display_name => second_moderator_user.display_name }
     assert_response :success
     assert_select "table#block_list", :count => 1 do
       assert_select "tr", 3
@@ -460,7 +460,7 @@ class UserBlocksControllerTest < ActionController::TestCase
     end
 
     # Check the list of blocks (not) given by a normal user
-    get :blocks_by, :display_name => normal_user.display_name
+    get :blocks_by, :params => { :display_name => normal_user.display_name }
     assert_response :success
     assert_select "table#block_list", false
     assert_select "p", "#{normal_user.display_name} has not made any blocks yet."
diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb
index 51f8dfd40..7c79717f3 100644
--- a/test/controllers/user_controller_test.rb
+++ b/test/controllers/user_controller_test.rb
@@ -188,7 +188,7 @@ class UserControllerTest < ActionController::TestCase
     assert_response :redirect
     assert_redirected_to user_new_path(:cookie_test => "true")
 
-    get :new, { :cookie_test => "true" }, { :cookie_test => true }
+    get :new, :params => { :cookie_test => "true" }, :session => { :cookie_test => true }
     assert_response :success
 
     assert_select "html", :count => 1 do
@@ -216,14 +216,14 @@ class UserControllerTest < ActionController::TestCase
     get :new
     assert_response :redirect
     assert_redirected_to user_new_path(:cookie_test => "true")
-    get :new, :cookie_test => "true"
+    get :new, :params => { :cookie_test => "true" }
     assert_response :redirect
     assert_redirected_to root_path
 
-    get :new, :referer => "/test"
+    get :new, :params => { :referer => "/test" }
     assert_response :redirect
     assert_redirected_to user_new_path(:referer => "/test", :cookie_test => "true")
-    get :new, :referer => "/test", :cookie_test => "true"
+    get :new, :params => { :referer => "/test", :cookie_test => "true" }
     assert_response :redirect
     assert_redirected_to "/test"
   end
@@ -233,7 +233,7 @@ class UserControllerTest < ActionController::TestCase
 
     assert_difference "User.count", 1 do
       assert_difference "ActionMailer::Base.deliveries.size", 1 do
-        post :save, {}, { :new_user => user }
+        post :save, :session => { :new_user => user }
       end
     end
 
@@ -255,7 +255,7 @@ class UserControllerTest < ActionController::TestCase
 
     assert_no_difference "User.count" do
       assert_no_difference "ActionMailer::Base.deliveries.size" do
-        post :save, {}, { :new_user => user }
+        post :save, :session => { :new_user => user }
       end
     end
 
@@ -270,7 +270,7 @@ class UserControllerTest < ActionController::TestCase
 
     assert_no_difference "User.count" do
       assert_no_difference "ActionMailer::Base.deliveries.size" do
-        post :save, {}, { :new_user => user }
+        post :save, :session => { :new_user => user }
       end
     end
 
@@ -285,7 +285,7 @@ class UserControllerTest < ActionController::TestCase
 
     assert_no_difference "User.count" do
       assert_no_difference "ActionMailer::Base.deliveries.size" do
-        post :save, {}, { :new_user => user }
+        post :save, :session => { :new_user => user }
       end
     end
 
@@ -300,7 +300,7 @@ class UserControllerTest < ActionController::TestCase
 
     assert_no_difference "User.count" do
       assert_no_difference "ActionMailer::Base.deliveries.size" do
-        post :save, {}, { :new_user => user }
+        post :save, :session => { :new_user => user }
       end
     end
 
@@ -314,8 +314,8 @@ class UserControllerTest < ActionController::TestCase
 
     assert_difference "User.count", 1 do
       assert_difference "ActionMailer::Base.deliveries.size", 1 do
-        post :save, {}, { :new_user => user,
-                          :referer => "/edit?editor=id#map=1/2/3" }
+        post :save, :session => { :new_user => user,
+                                  :referer => "/edit?editor=id#map=1/2/3" }
       end
     end
 
@@ -333,20 +333,20 @@ class UserControllerTest < ActionController::TestCase
 
     session_id = assert_select("input[name=session]").first["value"]
 
-    get :logout, :session => session_id
+    get :logout, :params => { :session => session_id }
     assert_response :redirect
     assert_redirected_to root_path
   end
 
   def test_logout_with_referer
-    get :logout, :referer => "/test"
+    get :logout, :params => { :referer => "/test" }
     assert_response :success
     assert_template :logout
     assert_select "input[name=referer][value=?]", "/test"
 
     session_id = assert_select("input[name=session]").first["value"]
 
-    get :logout, :session => session_id, :referer => "/test"
+    get :logout, :params => { :session => session_id, :referer => "/test" }
     assert_response :redirect
     assert_redirected_to "/test"
   end
@@ -365,7 +365,7 @@ class UserControllerTest < ActionController::TestCase
 
     session_id = assert_select("input[name=session]").first["value"]
 
-    get :logout, :session => session_id
+    get :logout, :params => { :session => session_id }
     assert_response :redirect
     assert_redirected_to root_path
     assert_nil session[:token]
@@ -377,7 +377,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    get :confirm, :display_name => user.display_name, :confirm_string => confirm_string
+    get :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
     assert_response :success
     assert_template :confirm
   end
@@ -387,7 +387,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    get :confirm, :display_name => user.display_name, :confirm_string => confirm_string
+    get :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
     assert_response :redirect
     assert_redirected_to root_path
   end
@@ -398,7 +398,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, :display_name => user.display_name, :confirm_string => confirm_string
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
     assert_redirected_to login_path
     assert_match /Confirmed your account/, flash[:notice]
   end
@@ -410,7 +410,7 @@ class UserControllerTest < ActionController::TestCase
     token = user.tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token }
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }, :session => { :token => token }
     assert_redirected_to welcome_path
   end
 
@@ -421,7 +421,7 @@ class UserControllerTest < ActionController::TestCase
     token = create(:user).tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token }
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }, :session => { :token => token }
     assert_redirected_to login_path
     assert_match /Confirmed your account/, flash[:notice]
   end
@@ -432,7 +432,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create(:referer => diary_new_path).token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, :display_name => user.display_name, :confirm_string => confirm_string
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
     assert_redirected_to login_path(:referer => diary_new_path)
     assert_match /Confirmed your account/, flash[:notice]
   end
@@ -444,7 +444,7 @@ class UserControllerTest < ActionController::TestCase
     token = user.tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token }
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }, :session => { :token => token }
     assert_redirected_to diary_new_path
   end
 
@@ -455,7 +455,7 @@ class UserControllerTest < ActionController::TestCase
     token = create(:user).tokens.create.token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, { :display_name => user.display_name, :confirm_string => confirm_string }, { :token => token }
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }, :session => { :token => token }
     assert_redirected_to login_path(:referer => diary_new_path)
     assert_match /Confirmed your account/, flash[:notice]
   end
@@ -465,7 +465,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create(:expiry => 1.day.ago).token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, :display_name => user.display_name, :confirm_string => confirm_string
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
     assert_redirected_to :action => "confirm"
     assert_match /confirmation code has expired/, flash[:error]
   end
@@ -475,7 +475,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create(:referer => diary_new_path).token
 
     @request.cookies["_osm_session"] = user.display_name
-    post :confirm, :display_name => user.display_name, :confirm_string => confirm_string
+    post :confirm, :params => { :display_name => user.display_name, :confirm_string => confirm_string }
     assert_redirected_to :action => "login"
     assert_match /already been confirmed/, flash[:error]
   end
@@ -485,7 +485,7 @@ class UserControllerTest < ActionController::TestCase
     session[:token] = user.tokens.create.token
 
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      get :confirm_resend, :display_name => user.display_name
+      get :confirm_resend, :params => { :display_name => user.display_name }
     end
 
     assert_response :redirect
@@ -502,7 +502,7 @@ class UserControllerTest < ActionController::TestCase
   def test_confirm_resend_no_token
     user = create(:user, :pending)
     assert_no_difference "ActionMailer::Base.deliveries.size" do
-      get :confirm_resend, :display_name => user.display_name
+      get :confirm_resend, :params => { :display_name => user.display_name }
     end
 
     assert_response :redirect
@@ -512,7 +512,7 @@ class UserControllerTest < ActionController::TestCase
 
   def test_confirm_resend_unknown_user
     assert_no_difference "ActionMailer::Base.deliveries.size" do
-      get :confirm_resend, :display_name => "No Such User"
+      get :confirm_resend, :params => { :display_name => "No Such User" }
     end
 
     assert_response :redirect
@@ -524,7 +524,7 @@ class UserControllerTest < ActionController::TestCase
     user = create(:user)
     confirm_string = user.tokens.create.token
 
-    get :confirm_email, :confirm_string => confirm_string
+    get :confirm_email, :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template :confirm_email
   end
@@ -534,7 +534,7 @@ class UserControllerTest < ActionController::TestCase
     stub_gravatar_request(user.new_email)
     confirm_string = user.tokens.create.token
 
-    post :confirm_email, :confirm_string => confirm_string
+    post :confirm_email, :params => { :confirm_string => confirm_string }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
     assert_match /Confirmed your change of email address/, flash[:notice]
@@ -544,14 +544,14 @@ class UserControllerTest < ActionController::TestCase
     user = create(:user)
     confirm_string = user.tokens.create.token
 
-    post :confirm_email, :confirm_string => confirm_string
+    post :confirm_email, :params => { :confirm_string => confirm_string }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
     assert_match /already been confirmed/, flash[:error]
   end
 
   def test_confirm_email_bad_token
-    post :confirm_email, :confirm_string => "XXXXX"
+    post :confirm_email, :params => { :confirm_string => "XXXXX" }
     assert_response :success
     assert_template :confirm_email
     assert_match /confirmation code has expired or does not exist/, flash[:error]
@@ -568,7 +568,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create.token
     # precondition gravatar should be turned off
     assert !user.image_use_gravatar
-    post :confirm_email, :confirm_string => confirm_string
+    post :confirm_email, :params => { :confirm_string => confirm_string }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
     assert_match /Confirmed your change of email address/, flash[:notice]
@@ -583,7 +583,7 @@ class UserControllerTest < ActionController::TestCase
     confirm_string = user.tokens.create.token
     # precondition gravatar should be turned on
     assert user.image_use_gravatar
-    post :confirm_email, :confirm_string => confirm_string
+    post :confirm_email, :params => { :confirm_string => confirm_string }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
     assert_match /Confirmed your change of email address/, flash[:notice]
@@ -592,7 +592,7 @@ class UserControllerTest < ActionController::TestCase
   end
 
   def test_terms_new_user
-    get :terms, {}, { :new_user => User.new }
+    get :terms, :session => { :new_user => User.new }
     assert_response :success
     assert_template :terms
   end
@@ -616,7 +616,7 @@ class UserControllerTest < ActionController::TestCase
     assert_response :success
     assert_template :terms
 
-    post :save, :user => { :consider_pd => true }
+    post :save, :params => { :user => { :consider_pd => true } }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
     assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
@@ -633,11 +633,11 @@ class UserControllerTest < ActionController::TestCase
 
     session[:user] = user.id
 
-    get :terms, :referer => "/test"
+    get :terms, :params => { :referer => "/test" }
     assert_response :success
     assert_template :terms
 
-    post :save, :user => { :consider_pd => true }, :referer => "/test"
+    post :save, :params => { :user => { :consider_pd => true }, :referer => "/test" }
     assert_response :redirect
     assert_redirected_to "/test"
     assert_equal "Thanks for accepting the new contributor terms!", flash[:notice]
@@ -651,7 +651,7 @@ class UserControllerTest < ActionController::TestCase
 
   def test_go_public
     user = create(:user, :data_public => false)
-    post :go_public, {}, { :user => user }
+    post :go_public, :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :action => :account, :display_name => user.display_name
     assert_equal true, User.find(user.id).data_public
@@ -670,7 +670,7 @@ class UserControllerTest < ActionController::TestCase
     uppercase_user = build(:user, :email => user.email.upcase).tap { |u| u.save(:validate => false) }
 
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :lost_password, :user => { :email => user.email }
+      post :lost_password, :params => { :user => { :email => user.email } }
     end
     assert_response :redirect
     assert_redirected_to :action => :login
@@ -683,7 +683,7 @@ class UserControllerTest < ActionController::TestCase
     # Test resetting using an address that matches a different user
     # that has the same address in a different case
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :lost_password, :user => { :email => user.email.upcase }
+      post :lost_password, :params => { :user => { :email => user.email.upcase } }
     end
     assert_response :redirect
     assert_redirected_to :action => :login
@@ -696,7 +696,7 @@ class UserControllerTest < ActionController::TestCase
     # Test resetting using an address that is a case insensitive match
     # for more than one user but not an exact match for either
     assert_no_difference "ActionMailer::Base.deliveries.size" do
-      post :lost_password, :user => { :email => user.email.titlecase }
+      post :lost_password, :params => { :user => { :email => user.email.titlecase } }
     end
     assert_response :success
     assert_template :lost_password
@@ -706,7 +706,7 @@ class UserControllerTest < ActionController::TestCase
     # address which is case insensitively unique
     third_user = create(:user)
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :lost_password, :user => { :email => third_user.email }
+      post :lost_password, :params => { :user => { :email => third_user.email } }
     end
     assert_response :redirect
     assert_redirected_to :action => :login
@@ -719,7 +719,7 @@ class UserControllerTest < ActionController::TestCase
     # Test resetting using an address that matches a user that has the
     # same (case insensitively unique) address in a different case
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :lost_password, :user => { :email => third_user.email.upcase }
+      post :lost_password, :params => { :user => { :email => third_user.email.upcase } }
     end
     assert_response :redirect
     assert_redirected_to :action => :login
@@ -737,7 +737,7 @@ class UserControllerTest < ActionController::TestCase
     assert_response :bad_request
 
     # Test a request with a bogus token
-    get :reset_password, :token => "made_up_token"
+    get :reset_password, :params => { :token => "made_up_token" }
     assert_response :redirect
     assert_redirected_to :action => :lost_password
 
@@ -745,12 +745,12 @@ class UserControllerTest < ActionController::TestCase
     token = user.tokens.create
 
     # Test a request with a valid token
-    get :reset_password, :token => token.token
+    get :reset_password, :params => { :token => token.token }
     assert_response :success
     assert_template :reset_password
 
     # Test setting a new password
-    post :reset_password, :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" }
+    post :reset_password, :params => { :token => token.token, :user => { :pass_crypt => "new_password", :pass_crypt_confirmation => "new_password" } }
     assert_response :redirect
     assert_redirected_to root_path
     assert_equal user.id, session[:user]
@@ -770,22 +770,23 @@ class UserControllerTest < ActionController::TestCase
 
     # Make sure that you are redirected to the login page when
     # you are not logged in
-    get :account, :display_name => user.display_name
+    get :account, :params => { :display_name => user.display_name }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => "login", :referer => "/user/#{URI.encode(user.display_name)}/account"
 
     # Make sure that you are blocked when not logged in as the right user
-    get :account, { :display_name => user.display_name }, { :user => create(:user) }
+    get :account, :params => { :display_name => user.display_name }, :session => { :user => create(:user) }
     assert_response :forbidden
 
     # Make sure we get the page when we are logged in as the right user
-    get :account, { :display_name => user.display_name }, { :user => user }
+    get :account, :params => { :display_name => user.display_name }, :session => { :user => user }
     assert_response :success
     assert_template :account
 
     # Updating the description should work
     user.description = "new description"
-    post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+    user.preferred_editor = "default"
+    post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -794,7 +795,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Changing to a invalid editor should fail
     user.preferred_editor = "unknown"
-    post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select ".notice", false
@@ -803,7 +804,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Changing to a valid editor should work
     user.preferred_editor = "potlatch2"
-    post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -812,7 +813,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Changing to the default editor should work
     user.preferred_editor = "default"
-    post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -821,7 +822,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Changing to an uploaded image should work
     image = Rack::Test::UploadedFile.new("test/gpx/fixtures/a.gif", "image/gif")
-    post :account, { :display_name => user.display_name, :image_action => "new", :user => user.attributes.merge(:image => image) }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :image_action => "new", :user => user.attributes.merge(:image => image) }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -829,7 +830,7 @@ class UserControllerTest < ActionController::TestCase
     assert_select "form#accountForm > fieldset > div.form-row.accountImage input[name=image_action][checked][value=?]", "keep"
 
     # Changing to a gravatar image should work
-    post :account, { :display_name => user.display_name, :image_action => "gravatar", :user => user.attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :image_action => "gravatar", :user => user.attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -837,7 +838,7 @@ class UserControllerTest < ActionController::TestCase
     assert_select "form#accountForm > fieldset > div.form-row.accountImage input[name=image_action][checked][value=?]", "gravatar"
 
     # Removing the image should work
-    post :account, { :display_name => user.display_name, :image_action => "delete", :user => user.attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :image_action => "delete", :user => user.attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -845,13 +846,13 @@ class UserControllerTest < ActionController::TestCase
     assert_select "form#accountForm > fieldset > div.form-row.accountImage input[name=image_action][checked]", false
 
     # Adding external authentication should redirect to the auth provider
-    post :account, { :display_name => user.display_name, :user => user.attributes.merge(:auth_provider => "openid", :auth_uid => "gmail.com") }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => user.attributes.merge(:auth_provider => "openid", :auth_uid => "gmail.com") }, :session => { :user => user }
     assert_response :redirect
     assert_redirected_to auth_path(:provider => "openid", :openid_url => "https://www.google.com/accounts/o8/id", :origin => "/user/#{URI.encode(user.display_name)}/account")
 
     # Changing name to one that exists should fail
     new_attributes = user.attributes.dup.merge(:display_name => create(:user).display_name)
-    post :account, { :display_name => user.display_name, :user => new_attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => new_attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select ".notice", false
@@ -860,7 +861,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Changing name to one that exists should fail, regardless of case
     new_attributes = user.attributes.dup.merge(:display_name => create(:user).display_name.upcase)
-    post :account, { :display_name => user.display_name, :user => new_attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => new_attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select ".notice", false
@@ -869,7 +870,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Changing name to one that doesn't exist should work
     new_attributes = user.attributes.dup.merge(:display_name => "new tester")
-    post :account, { :display_name => user.display_name, :user => new_attributes }, { :user => user }
+    post :account, :params => { :display_name => user.display_name, :user => new_attributes }, :session => { :user => user }
     assert_response :success
     assert_template :account
     assert_select "div#errorExplanation", false
@@ -882,7 +883,7 @@ class UserControllerTest < ActionController::TestCase
     # Changing email to one that exists should fail
     user.new_email = create(:user).email
     assert_no_difference "ActionMailer::Base.deliveries.size" do
-      post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+      post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     end
     assert_response :success
     assert_template :account
@@ -893,7 +894,7 @@ class UserControllerTest < ActionController::TestCase
     # Changing email to one that exists should fail, regardless of case
     user.new_email = create(:user).email.upcase
     assert_no_difference "ActionMailer::Base.deliveries.size" do
-      post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+      post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     end
     assert_response :success
     assert_template :account
@@ -904,7 +905,7 @@ class UserControllerTest < ActionController::TestCase
     # Changing email to one that doesn't exist should work
     user.new_email = "new_tester@example.com"
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :account, { :display_name => user.display_name, :user => user.attributes }, { :user => user }
+      post :account, :params => { :display_name => user.display_name, :user => user.attributes }, :session => { :user => user }
     end
     assert_response :success
     assert_template :account
@@ -921,12 +922,12 @@ class UserControllerTest < ActionController::TestCase
   # information for the user
   def test_view
     # Test a non-existent user
-    get :view, :display_name => "unknown"
+    get :view, :params => { :display_name => "unknown" }
     assert_response :not_found
 
     # Test a normal user
     user = create(:user)
-    get :view, :display_name => user.display_name
+    get :view, :params => { :display_name => user.display_name }
     assert_response :success
     assert_select "div#userinformation" do
       assert_select "a[href^='/user/#{URI.encode(user.display_name)}/history']", 1
@@ -942,7 +943,7 @@ class UserControllerTest < ActionController::TestCase
     # Test a user who has been blocked
     blocked_user = create(:user)
     create(:user_block, :user => blocked_user)
-    get :view, :display_name => blocked_user.display_name
+    get :view, :params => { :display_name => blocked_user.display_name }
     assert_response :success
     assert_select "div#userinformation" do
       assert_select "a[href^='/user/#{URI.encode(blocked_user.display_name)}/history']", 1
@@ -958,7 +959,7 @@ class UserControllerTest < ActionController::TestCase
     # Test a moderator who has applied blocks
     moderator_user = create(:moderator_user)
     create(:user_block, :creator => moderator_user)
-    get :view, :display_name => moderator_user.display_name
+    get :view, :params => { :display_name => moderator_user.display_name }
     assert_response :success
     assert_select "div#userinformation" do
       assert_select "a[href^='/user/#{URI.encode(moderator_user.display_name)}/history']", 1
@@ -975,7 +976,7 @@ class UserControllerTest < ActionController::TestCase
     session[:user] = user.id
 
     # Test the normal user
-    get :view, :display_name => user.display_name
+    get :view, :params => { :display_name => user.display_name }
     assert_response :success
     assert_select "div#userinformation" do
       assert_select "a[href^='/user/#{URI.encode(user.display_name)}/history']", 1
@@ -992,7 +993,7 @@ class UserControllerTest < ActionController::TestCase
     session[:user] = create(:moderator_user).id
 
     # Test the normal user
-    get :view, :display_name => user.display_name
+    get :view, :params => { :display_name => user.display_name }
     assert_response :success
     assert_select "div#userinformation" do
       assert_select "a[href^='/user/#{URI.encode(user.display_name)}/history']", 1
@@ -1009,7 +1010,7 @@ class UserControllerTest < ActionController::TestCase
   def test_api_read
     user = create(:user, :description => "test", :terms_agreed => Date.yesterday)
     # check that a visible user is returned properly
-    get :api_read, :id => user.id
+    get :api_read, :params => { :id => user.id }
     assert_response :success
     assert_equal "text/xml", response.content_type
 
@@ -1042,15 +1043,15 @@ class UserControllerTest < ActionController::TestCase
     assert_select "messages", false
 
     # check that a suspended user is not returned
-    get :api_read, :id => create(:user, :suspended).id
+    get :api_read, :params => { :id => create(:user, :suspended).id }
     assert_response :gone
 
     # check that a deleted user is not returned
-    get :api_read, :id => create(:user, :deleted).id
+    get :api_read, :params => { :id => create(:user, :deleted).id }
     assert_response :gone
 
     # check that a non-existent user is not returned
-    get :api_read, :id => 0
+    get :api_read, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -1142,16 +1143,16 @@ class UserControllerTest < ActionController::TestCase
     assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # When not logged in a GET should ask us to login
-    get :make_friend, :display_name => friend.display_name
+    get :make_friend, :params => { :display_name => friend.display_name }
     assert_redirected_to :controller => :user, :action => "login", :referer => make_friend_path(:display_name => friend.display_name)
 
     # When not logged in a POST should error
-    post :make_friend, :display_name => friend.display_name
+    post :make_friend, :params => { :display_name => friend.display_name }
     assert_response :forbidden
     assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # When logged in a GET should get a confirmation page
-    get :make_friend, { :display_name => friend.display_name }, { :user => user }
+    get :make_friend, :params => { :display_name => friend.display_name }, :session => { :user => user }
     assert_response :success
     assert_template :make_friend
     assert_select "form" do
@@ -1162,7 +1163,7 @@ class UserControllerTest < ActionController::TestCase
 
     # When logged in a POST should add the friendship
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :make_friend, { :display_name => friend.display_name }, { :user => user }
+      post :make_friend, :params => { :display_name => friend.display_name }, :session => { :user => user }
     end
     assert_redirected_to user_path(:display_name => friend.display_name)
     assert_match /is now your friend/, flash[:notice]
@@ -1174,7 +1175,7 @@ class UserControllerTest < ActionController::TestCase
 
     # A second POST should report that the friendship already exists
     assert_no_difference "ActionMailer::Base.deliveries.size" do
-      post :make_friend, { :display_name => friend.display_name }, { :user => user }
+      post :make_friend, :params => { :display_name => friend.display_name }, :session => { :user => user }
     end
     assert_redirected_to user_path(:display_name => friend.display_name)
     assert_match /You are already friends with/, flash[:warning]
@@ -1190,7 +1191,7 @@ class UserControllerTest < ActionController::TestCase
     assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # The GET should preserve any referer
-    get :make_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user }
+    get :make_friend, :params => { :display_name => friend.display_name, :referer => "/test" }, :session => { :user => user }
     assert_response :success
     assert_template :make_friend
     assert_select "form" do
@@ -1201,7 +1202,7 @@ class UserControllerTest < ActionController::TestCase
 
     # When logged in a POST should add the friendship and refer us
     assert_difference "ActionMailer::Base.deliveries.size", 1 do
-      post :make_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user }
+      post :make_friend, :params => { :display_name => friend.display_name, :referer => "/test" }, :session => { :user => user }
     end
     assert_redirected_to "/test"
     assert_match /is now your friend/, flash[:notice]
@@ -1214,7 +1215,7 @@ class UserControllerTest < ActionController::TestCase
 
   def test_make_friend_unkown_user
     # Should error when a bogus user is specified
-    get :make_friend, { :display_name => "No Such User" }, { :user => create(:user) }
+    get :make_friend, :params => { :display_name => "No Such User" }, :session => { :user => create(:user) }
     assert_response :not_found
     assert_template :no_such_user
   end
@@ -1229,16 +1230,16 @@ class UserControllerTest < ActionController::TestCase
     assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # When not logged in a GET should ask us to login
-    get :remove_friend, :display_name => friend.display_name
+    get :remove_friend, :params => { :display_name => friend.display_name }
     assert_redirected_to :controller => :user, :action => "login", :referer => remove_friend_path(:display_name => friend.display_name)
 
     # When not logged in a POST should error
-    post :remove_friend, :display_name => friend.display_name
+    post :remove_friend, :params => { :display_name => friend.display_name }
     assert_response :forbidden
     assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # When logged in a GET should get a confirmation page
-    get :remove_friend, { :display_name => friend.display_name }, { :user => user }
+    get :remove_friend, :params => { :display_name => friend.display_name }, :session => { :user => user }
     assert_response :success
     assert_template :remove_friend
     assert_select "form" do
@@ -1248,13 +1249,13 @@ class UserControllerTest < ActionController::TestCase
     assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # When logged in a POST should remove the friendship
-    post :remove_friend, { :display_name => friend.display_name }, { :user => user }
+    post :remove_friend, :params => { :display_name => friend.display_name }, :session => { :user => user }
     assert_redirected_to user_path(:display_name => friend.display_name)
     assert_match /was removed from your friends/, flash[:notice]
     assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # A second POST should report that the friendship does not exist
-    post :remove_friend, { :display_name => friend.display_name }, { :user => user }
+    post :remove_friend, :params => { :display_name => friend.display_name }, :session => { :user => user }
     assert_redirected_to user_path(:display_name => friend.display_name)
     assert_match /is not one of your friends/, flash[:error]
     assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
@@ -1270,7 +1271,7 @@ class UserControllerTest < ActionController::TestCase
     assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # The GET should preserve any referer
-    get :remove_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user }
+    get :remove_friend, :params => { :display_name => friend.display_name, :referer => "/test" }, :session => { :user => user }
     assert_response :success
     assert_template :remove_friend
     assert_select "form" do
@@ -1280,7 +1281,7 @@ class UserControllerTest < ActionController::TestCase
     assert Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
 
     # When logged in a POST should remove the friendship and refer
-    post :remove_friend, { :display_name => friend.display_name, :referer => "/test" }, { :user => user }
+    post :remove_friend, :params => { :display_name => friend.display_name, :referer => "/test" }, :session => { :user => user }
     assert_redirected_to "/test"
     assert_match /was removed from your friends/, flash[:notice]
     assert_nil Friend.where(:user_id => user.id, :friend_user_id => friend.id).first
@@ -1288,7 +1289,7 @@ class UserControllerTest < ActionController::TestCase
 
   def test_remove_friend_unkown_user
     # Should error when a bogus user is specified
-    get :remove_friend, { :display_name => "No Such User" }, { :user => create(:user) }
+    get :remove_friend, :params => { :display_name => "No Such User" }, :session => { :user => create(:user) }
     assert_response :not_found
     assert_template :no_such_user
   end
@@ -1297,17 +1298,17 @@ class UserControllerTest < ActionController::TestCase
     user = create(:user)
 
     # Try without logging in
-    get :set_status, :display_name => user.display_name, :status => "suspended"
+    get :set_status, :params => { :display_name => user.display_name, :status => "suspended" }
     assert_response :redirect
     assert_redirected_to :action => :login, :referer => set_status_user_path(:status => "suspended")
 
     # Now try as a normal user
-    get :set_status, { :display_name => user.display_name, :status => "suspended" }, { :user => user }
+    get :set_status, :params => { :display_name => user.display_name, :status => "suspended" }, :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name
 
     # Finally try as an administrator
-    get :set_status, { :display_name => user.display_name, :status => "suspended" }, { :user => create(:administrator_user) }
+    get :set_status, :params => { :display_name => user.display_name, :status => "suspended" }, :session => { :user => create(:administrator_user) }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name
     assert_equal "suspended", User.find(user.id).status
@@ -1317,17 +1318,17 @@ class UserControllerTest < ActionController::TestCase
     user = create(:user, :home_lat => 12.1, :home_lon => 12.1, :description => "test")
 
     # Try without logging in
-    get :delete, :display_name => user.display_name, :status => "suspended"
+    get :delete, :params => { :display_name => user.display_name, :status => "suspended" }
     assert_response :redirect
     assert_redirected_to :action => :login, :referer => delete_user_path(:status => "suspended")
 
     # Now try as a normal user
-    get :delete, { :display_name => user.display_name, :status => "suspended" }, { :user => user }
+    get :delete, :params => { :display_name => user.display_name, :status => "suspended" }, :session => { :user => user }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name
 
     # Finally try as an administrator
-    get :delete, { :display_name => user.display_name, :status => "suspended" }, { :user => create(:administrator_user) }
+    get :delete, :params => { :display_name => user.display_name, :status => "suspended" }, :session => { :user => create(:administrator_user) }
     assert_response :redirect
     assert_redirected_to :action => :view, :display_name => user.display_name
 
@@ -1385,13 +1386,13 @@ class UserControllerTest < ActionController::TestCase
     assert_select "table#user_list tr", :count => 7 + 1
 
     # Should be able to limit by status
-    get :list, :status => "suspended"
+    get :list, :params => { :status => "suspended" }
     assert_response :success
     assert_template :list
     assert_select "table#user_list tr", :count => 1 + 1
 
     # Should be able to limit by IP address
-    get :list, :ip => "1.2.3.4"
+    get :list, :params => { :ip => "1.2.3.4" }
     assert_response :success
     assert_template :list
     assert_select "table#user_list tr", :count => 1 + 1
@@ -1414,12 +1415,12 @@ class UserControllerTest < ActionController::TestCase
     assert_template :list
     assert_select "table#user_list tr", :count => 51
 
-    get :list, :page => 2
+    get :list, :params => { :page => 2 }
     assert_response :success
     assert_template :list
     assert_select "table#user_list tr", :count => 51
 
-    get :list, :page => 3
+    get :list, :params => { :page => 3 }
     assert_response :success
     assert_template :list
     assert_select "table#user_list tr", :count => 3
@@ -1431,10 +1432,10 @@ class UserControllerTest < ActionController::TestCase
 
     # Shouldn't work when not logged in
     assert_no_difference "User.active.count" do
-      post :list, :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 }
+      post :list, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
     end
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path(:confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 })
+    assert_redirected_to :action => :login, :referer => users_path
     assert_equal "pending", inactive_user.reload.status
     assert_equal "suspended", suspended_user.reload.status
 
@@ -1442,10 +1443,10 @@ class UserControllerTest < ActionController::TestCase
 
     # Shouldn't work when logged in as a normal user
     assert_no_difference "User.active.count" do
-      post :list, :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 }
+      post :list, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
     end
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path(:confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 })
+    assert_redirected_to :action => :login, :referer => users_path
     assert_equal "pending", inactive_user.reload.status
     assert_equal "suspended", suspended_user.reload.status
 
@@ -1453,10 +1454,10 @@ class UserControllerTest < ActionController::TestCase
 
     # Shouldn't work when logged in as a moderator
     assert_no_difference "User.active.count" do
-      post :list, :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 }
+      post :list, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
     end
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path(:confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 })
+    assert_redirected_to :action => :login, :referer => users_path
     assert_equal "pending", inactive_user.reload.status
     assert_equal "suspended", suspended_user.reload.status
 
@@ -1464,7 +1465,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Should work when logged in as an administrator
     assert_difference "User.active.count", 2 do
-      post :list, :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 }
+      post :list, :params => { :confirm => 1, :user => { inactive_user.id => 1, suspended_user.id => 1 } }
     end
     assert_response :redirect
     assert_redirected_to :action => :list
@@ -1478,10 +1479,10 @@ class UserControllerTest < ActionController::TestCase
 
     # Shouldn't work when not logged in
     assert_no_difference "User.active.count" do
-      post :list, :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 }
+      post :list, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
     end
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path(:hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 })
+    assert_redirected_to :action => :login, :referer => users_path
     assert_equal "active", normal_user.reload.status
     assert_equal "confirmed", confirmed_user.reload.status
 
@@ -1489,10 +1490,10 @@ class UserControllerTest < ActionController::TestCase
 
     # Shouldn't work when logged in as a normal user
     assert_no_difference "User.active.count" do
-      post :list, :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 }
+      post :list, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
     end
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path(:hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 })
+    assert_redirected_to :action => :login, :referer => users_path
     assert_equal "active", normal_user.reload.status
     assert_equal "confirmed", confirmed_user.reload.status
 
@@ -1500,10 +1501,10 @@ class UserControllerTest < ActionController::TestCase
 
     # Shouldn't work when logged in as a moderator
     assert_no_difference "User.active.count" do
-      post :list, :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 }
+      post :list, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
     end
     assert_response :redirect
-    assert_redirected_to :action => :login, :referer => users_path(:hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 })
+    assert_redirected_to :action => :login, :referer => users_path
     assert_equal "active", normal_user.reload.status
     assert_equal "confirmed", confirmed_user.reload.status
 
@@ -1511,7 +1512,7 @@ class UserControllerTest < ActionController::TestCase
 
     # Should work when logged in as an administrator
     assert_difference "User.active.count", -2 do
-      post :list, :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 }
+      post :list, :params => { :hide => 1, :user => { normal_user.id => 1, confirmed_user.id => 1 } }
     end
     assert_response :redirect
     assert_redirected_to :action => :list
diff --git a/test/controllers/user_preference_controller_test.rb b/test/controllers/user_preference_controller_test.rb
index ff6e19c38..2287993e8 100644
--- a/test/controllers/user_preference_controller_test.rb
+++ b/test/controllers/user_preference_controller_test.rb
@@ -70,20 +70,20 @@ class UserPreferenceControllerTest < ActionController::TestCase
     create(:user_preference, :user => user, :k => "key", :v => "value")
 
     # try a read without auth
-    get :read_one, :preference_key => "key"
+    get :read_one, :params => { :preference_key => "key" }
     assert_response :unauthorized, "should be authenticated"
 
     # authenticate as a user with preferences
     basic_authorization(user.email, "test")
 
     # try the read again
-    get :read_one, :preference_key => "key"
+    get :read_one, :params => { :preference_key => "key" }
     assert_response :success
     assert_equal "text/plain", @response.content_type
     assert_equal "value", @response.body
 
     # try the read again for a non-existent key
-    get :read_one, :preference_key => "unknown_key"
+    get :read_one, :params => { :preference_key => "unknown_key" }
     assert_response :not_found
   end
 
@@ -150,7 +150,7 @@ class UserPreferenceControllerTest < ActionController::TestCase
     # try a put without auth
     assert_no_difference "UserPreference.count" do
       content "new_value"
-      put :update_one, :preference_key => "new_key"
+      put :update_one, :params => { :preference_key => "new_key" }
     end
     assert_response :unauthorized, "should be authenticated"
     assert_raises ActiveRecord::RecordNotFound do
@@ -163,7 +163,7 @@ class UserPreferenceControllerTest < ActionController::TestCase
     # try adding a new preference
     assert_difference "UserPreference.count", 1 do
       content "new_value"
-      put :update_one, :preference_key => "new_key"
+      put :update_one, :params => { :preference_key => "new_key" }
     end
     assert_response :success
     assert_equal "text/plain", @response.content_type
@@ -173,7 +173,7 @@ class UserPreferenceControllerTest < ActionController::TestCase
     # try changing the value of a preference
     assert_no_difference "UserPreference.count" do
       content "newer_value"
-      put :update_one, :preference_key => "new_key"
+      put :update_one, :params => { :preference_key => "new_key" }
     end
     assert_response :success
     assert_equal "text/plain", @response.content_type
@@ -189,7 +189,7 @@ class UserPreferenceControllerTest < ActionController::TestCase
 
     # try a delete without auth
     assert_no_difference "UserPreference.count" do
-      delete :delete_one, :preference_key => "key"
+      delete :delete_one, :params => { :preference_key => "key" }
     end
     assert_response :unauthorized, "should be authenticated"
     assert_equal "value", UserPreference.find([user.id, "key"]).v
@@ -199,7 +199,7 @@ class UserPreferenceControllerTest < ActionController::TestCase
 
     # try the delete again
     assert_difference "UserPreference.count", -1 do
-      get :delete_one, :preference_key => "key"
+      get :delete_one, :params => { :preference_key => "key" }
     end
     assert_response :success
     assert_equal "text/plain", @response.content_type
@@ -210,7 +210,7 @@ class UserPreferenceControllerTest < ActionController::TestCase
 
     # try the delete again for the same key
     assert_no_difference "UserPreference.count" do
-      get :delete_one, :preference_key => "key"
+      get :delete_one, :params => { :preference_key => "key" }
     end
     assert_response :not_found
     assert_raises ActiveRecord::RecordNotFound do
diff --git a/test/controllers/user_roles_controller_test.rb b/test/controllers/user_roles_controller_test.rb
index c7e5926ad..f73fc9056 100644
--- a/test/controllers/user_roles_controller_test.rb
+++ b/test/controllers/user_roles_controller_test.rb
@@ -23,14 +23,14 @@ class UserRolesControllerTest < ActionController::TestCase
     super_user = create(:super_user)
 
     # Granting should fail when not logged in
-    post :grant, :display_name => target_user.display_name, :role => "moderator"
+    post :grant, :params => { :display_name => target_user.display_name, :role => "moderator" }
     assert_response :forbidden
 
     # Login as an unprivileged user
     session[:user] = normal_user.id
 
     # Granting should still fail
-    post :grant, :display_name => target_user.display_name, :role => "moderator"
+    post :grant, :params => { :display_name => target_user.display_name, :role => "moderator" }
     assert_redirected_to user_path(target_user.display_name)
     assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
 
@@ -40,7 +40,7 @@ class UserRolesControllerTest < ActionController::TestCase
     UserRole::ALL_ROLES.each do |role|
       # Granting a role to a non-existent user should fail
       assert_difference "UserRole.count", 0 do
-        post :grant, :display_name => "non_existent_user", :role => role
+        post :grant, :params => { :display_name => "non_existent_user", :role => role }
       end
       assert_response :not_found
       assert_template "user/no_such_user"
@@ -48,20 +48,20 @@ class UserRolesControllerTest < ActionController::TestCase
 
       # Granting a role to a user that already has it should fail
       assert_no_difference "UserRole.count" do
-        post :grant, :display_name => super_user.display_name, :role => role
+        post :grant, :params => { :display_name => super_user.display_name, :role => role }
       end
       assert_redirected_to user_path(super_user.display_name)
       assert_equal "The user already has role #{role}.", flash[:error]
 
       # Granting a role to a user that doesn't have it should work...
       assert_difference "UserRole.count", 1 do
-        post :grant, :display_name => target_user.display_name, :role => role
+        post :grant, :params => { :display_name => target_user.display_name, :role => role }
       end
       assert_redirected_to user_path(target_user.display_name)
 
       # ...but trying a second time should fail
       assert_no_difference "UserRole.count" do
-        post :grant, :display_name => target_user.display_name, :role => role
+        post :grant, :params => { :display_name => target_user.display_name, :role => role }
       end
       assert_redirected_to user_path(target_user.display_name)
       assert_equal "The user already has role #{role}.", flash[:error]
@@ -69,7 +69,7 @@ class UserRolesControllerTest < ActionController::TestCase
 
     # Granting a non-existent role should fail
     assert_difference "UserRole.count", 0 do
-      post :grant, :display_name => target_user.display_name, :role => "no_such_role"
+      post :grant, :params => { :display_name => target_user.display_name, :role => "no_such_role" }
     end
     assert_redirected_to user_path(target_user.display_name)
     assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
@@ -84,14 +84,14 @@ class UserRolesControllerTest < ActionController::TestCase
     super_user = create(:super_user)
 
     # Revoking should fail when not logged in
-    post :revoke, :display_name => target_user.display_name, :role => "moderator"
+    post :revoke, :params => { :display_name => target_user.display_name, :role => "moderator" }
     assert_response :forbidden
 
     # Login as an unprivileged user
     session[:user] = normal_user.id
 
     # Revoking should still fail
-    post :revoke, :display_name => target_user.display_name, :role => "moderator"
+    post :revoke, :params => { :display_name => target_user.display_name, :role => "moderator" }
     assert_redirected_to user_path(target_user.display_name)
     assert_equal "Only administrators can perform user role management, and you are not an administrator.", flash[:error]
 
@@ -101,7 +101,7 @@ class UserRolesControllerTest < ActionController::TestCase
     UserRole::ALL_ROLES.each do |role|
       # Removing a role from a non-existent user should fail
       assert_difference "UserRole.count", 0 do
-        post :revoke, :display_name => "non_existent_user", :role => role
+        post :revoke, :params => { :display_name => "non_existent_user", :role => role }
       end
       assert_response :not_found
       assert_template "user/no_such_user"
@@ -109,20 +109,20 @@ class UserRolesControllerTest < ActionController::TestCase
 
       # Removing a role from a user that doesn't have it should fail
       assert_no_difference "UserRole.count" do
-        post :revoke, :display_name => target_user.display_name, :role => role
+        post :revoke, :params => { :display_name => target_user.display_name, :role => role }
       end
       assert_redirected_to user_path(target_user.display_name)
       assert_equal "The user does not have role #{role}.", flash[:error]
 
       # Removing a role from a user that has it should work...
       assert_difference "UserRole.count", -1 do
-        post :revoke, :display_name => super_user.display_name, :role => role
+        post :revoke, :params => { :display_name => super_user.display_name, :role => role }
       end
       assert_redirected_to user_path(super_user.display_name)
 
       # ...but trying a second time should fail
       assert_no_difference "UserRole.count" do
-        post :revoke, :display_name => super_user.display_name, :role => role
+        post :revoke, :params => { :display_name => super_user.display_name, :role => role }
       end
       assert_redirected_to user_path(super_user.display_name)
       assert_equal "The user does not have role #{role}.", flash[:error]
@@ -130,7 +130,7 @@ class UserRolesControllerTest < ActionController::TestCase
 
     # Revoking a non-existent role should fail
     assert_difference "UserRole.count", 0 do
-      post :revoke, :display_name => target_user.display_name, :role => "no_such_role"
+      post :revoke, :params => { :display_name => target_user.display_name, :role => "no_such_role" }
     end
     assert_redirected_to user_path(target_user.display_name)
     assert_equal "The string `no_such_role' is not a valid role.", flash[:error]
diff --git a/test/controllers/way_controller_test.rb b/test/controllers/way_controller_test.rb
index 99a45adef..b93a13759 100644
--- a/test/controllers/way_controller_test.rb
+++ b/test/controllers/way_controller_test.rb
@@ -37,15 +37,15 @@ class WayControllerTest < ActionController::TestCase
 
   def test_read
     # check that a visible way is returned properly
-    get :read, :id => create(:way).id
+    get :read, :params => { :id => create(:way).id }
     assert_response :success
 
     # check that an invisible way is not returned
-    get :read, :id => create(:way, :deleted).id
+    get :read, :params => { :id => create(:way, :deleted).id }
     assert_response :gone
 
     # check chat a non-existent way is not returned
-    get :read, :id => 0
+    get :read, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -53,7 +53,7 @@ class WayControllerTest < ActionController::TestCase
   # check the "full" mode
   def test_full
     Way.all.each do |way|
-      get :full, :id => way.id
+      get :full, :params => { :id => way.id }
 
       # full call should say "gone" for non-visible ways...
       unless way.visible
@@ -90,11 +90,11 @@ class WayControllerTest < ActionController::TestCase
     assert_response :bad_request
 
     # check error when no parameter value provided
-    get :ways, :ways => ""
+    get :ways, :params => { :ways => "" }
     assert_response :bad_request
 
     # test a working call
-    get :ways, :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}"
+    get :ways, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id}" }
     assert_response :success
     assert_select "osm" do
       assert_select "way", :count => 4
@@ -105,7 +105,7 @@ class WayControllerTest < ActionController::TestCase
     end
 
     # check error when a non-existent way is included
-    get :ways, :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},400"
+    get :ways, :params => { :ways => "#{way1.id},#{way2.id},#{way3.id},#{way4.id},400" }
     assert_response :not_found
   end
 
@@ -274,34 +274,34 @@ class WayControllerTest < ActionController::TestCase
     relation = relation_member.relation
 
     # first try to delete way without auth
-    delete :delete, :id => way.id
+    delete :delete, :params => { :id => way.id }
     assert_response :unauthorized
 
     # now set auth using the private user
     basic_authorization(private_user.email, "test")
 
     # this shouldn't work as with the 0.6 api we need pay load to delete
-    delete :delete, :id => private_way.id
+    delete :delete, :params => { :id => private_way.id }
     assert_response :forbidden
 
     # Now try without having a changeset
     content "<osm><way id='#{private_way.id}'/></osm>"
-    delete :delete, :id => private_way.id
+    delete :delete, :params => { :id => private_way.id }
     assert_response :forbidden
 
     # try to delete with an invalid (closed) changeset
     content update_changeset(private_way.to_xml, private_closed_changeset.id)
-    delete :delete, :id => private_way.id
+    delete :delete, :params => { :id => private_way.id }
     assert_response :forbidden
 
     # try to delete with an invalid (non-existent) changeset
     content update_changeset(private_way.to_xml, 0)
-    delete :delete, :id => private_way.id
+    delete :delete, :params => { :id => private_way.id }
     assert_response :forbidden
 
     # Now try with a valid changeset
     content private_way.to_xml
-    delete :delete, :id => private_way.id
+    delete :delete, :params => { :id => private_way.id }
     assert_response :forbidden
 
     # check the returned value - should be the new version number
@@ -312,17 +312,17 @@ class WayControllerTest < ActionController::TestCase
 
     # this won't work since the way is already deleted
     content private_deleted_way.to_xml
-    delete :delete, :id => private_deleted_way.id
+    delete :delete, :params => { :id => private_deleted_way.id }
     assert_response :forbidden
 
     # this shouldn't work as the way is used in a relation
     content private_used_way.to_xml
-    delete :delete, :id => private_used_way.id
+    delete :delete, :params => { :id => private_used_way.id }
     assert_response :forbidden,
                     "shouldn't be able to delete a way used in a relation (#{@response.body}), when done by a private user"
 
     # this won't work since the way never existed
-    delete :delete, :id => 0
+    delete :delete, :params => { :id => 0 }
     assert_response :forbidden
 
     ### Now check with a public user
@@ -330,27 +330,27 @@ class WayControllerTest < ActionController::TestCase
     basic_authorization(user.email, "test")
 
     # this shouldn't work as with the 0.6 api we need pay load to delete
-    delete :delete, :id => way.id
+    delete :delete, :params => { :id => way.id }
     assert_response :bad_request
 
     # Now try without having a changeset
     content "<osm><way id='#{way.id}'/></osm>"
-    delete :delete, :id => way.id
+    delete :delete, :params => { :id => way.id }
     assert_response :bad_request
 
     # try to delete with an invalid (closed) changeset
     content update_changeset(way.to_xml, closed_changeset.id)
-    delete :delete, :id => way.id
+    delete :delete, :params => { :id => way.id }
     assert_response :conflict
 
     # try to delete with an invalid (non-existent) changeset
     content update_changeset(way.to_xml, 0)
-    delete :delete, :id => way.id
+    delete :delete, :params => { :id => way.id }
     assert_response :conflict
 
     # Now try with a valid changeset
     content way.to_xml
-    delete :delete, :id => way.id
+    delete :delete, :params => { :id => way.id }
     assert_response :success
 
     # check the returned value - should be the new version number
@@ -361,18 +361,18 @@ class WayControllerTest < ActionController::TestCase
 
     # this won't work since the way is already deleted
     content deleted_way.to_xml
-    delete :delete, :id => deleted_way.id
+    delete :delete, :params => { :id => deleted_way.id }
     assert_response :gone
 
     # this shouldn't work as the way is used in a relation
     content used_way.to_xml
-    delete :delete, :id => used_way.id
+    delete :delete, :params => { :id => used_way.id }
     assert_response :precondition_failed,
                     "shouldn't be able to delete a way used in a relation (#{@response.body})"
     assert_equal "Precondition failed: Way #{used_way.id} is still used by relations #{relation.id}.", @response.body
 
     # this won't work since the way never existed
-    delete :delete, :id => 0
+    delete :delete, :params => { :id => 0 }
     assert_response :not_found
   end
 
@@ -391,7 +391,7 @@ class WayControllerTest < ActionController::TestCase
     ## First test with no user credentials
     # try and update a way without authorisation
     content way.to_xml
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :unauthorized
 
     ## Second test with the private user
@@ -404,32 +404,32 @@ class WayControllerTest < ActionController::TestCase
     # try and update in someone else's changeset
     content update_changeset(private_way.to_xml,
                              create(:changeset).id)
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_require_public_data "update with other user's changeset should be forbidden when date isn't public"
 
     # try and update in a closed changeset
     content update_changeset(private_way.to_xml,
                              create(:changeset, :closed, :user => private_user).id)
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_require_public_data "update with closed changeset should be forbidden, when data isn't public"
 
     # try and update in a non-existant changeset
     content update_changeset(private_way.to_xml, 0)
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_require_public_data("update with changeset=0 should be forbidden, when data isn't public")
 
     ## try and submit invalid updates
     content xml_replace_node(private_way.to_xml, node.id, 9999)
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_require_public_data "way with non-existent node should be forbidden, when data isn't public"
 
     content xml_replace_node(private_way.to_xml, node.id, create(:node, :deleted).id)
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_require_public_data "way with deleted node should be forbidden, when data isn't public"
 
     ## finally, produce a good request which will still not work
     content private_way.to_xml
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_require_public_data "should have failed with a forbidden when data isn't public"
 
     ## Finally test with the public user
@@ -442,27 +442,27 @@ class WayControllerTest < ActionController::TestCase
     # try and update in someone else's changeset
     content update_changeset(way.to_xml,
                              create(:changeset).id)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :conflict, "update with other user's changeset should be rejected"
 
     # try and update in a closed changeset
     content update_changeset(way.to_xml,
                              create(:changeset, :closed, :user => user).id)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :conflict, "update with closed changeset should be rejected"
 
     # try and update in a non-existant changeset
     content update_changeset(way.to_xml, 0)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :conflict, "update with changeset=0 should be rejected"
 
     ## try and submit invalid updates
     content xml_replace_node(way.to_xml, node.id, 9999)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :precondition_failed, "way with non-existent node should be rejected"
 
     content xml_replace_node(way.to_xml, node.id, create(:node, :deleted).id)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :precondition_failed, "way with deleted node should be rejected"
 
     ## next, attack the versioning
@@ -471,37 +471,37 @@ class WayControllerTest < ActionController::TestCase
     # try and submit a version behind
     content xml_attr_rewrite(way.to_xml,
                              "version", current_way_version - 1)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :conflict, "should have failed on old version number"
 
     # try and submit a version ahead
     content xml_attr_rewrite(way.to_xml,
                              "version", current_way_version + 1)
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :conflict, "should have failed on skipped version number"
 
     # try and submit total crap in the version field
     content xml_attr_rewrite(way.to_xml,
                              "version", "p1r4t3s!")
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :conflict,
                     "should not be able to put 'p1r4at3s!' in the version field"
 
     ## try an update with the wrong ID
     content create(:way).to_xml
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :bad_request,
                     "should not be able to update a way with a different ID from the XML"
 
     ## try an update with a minimal valid XML doc which isn't a well-formed OSM doc.
     content "<update/>"
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :bad_request,
                     "should not be able to update a way with non-OSM XML doc."
 
     ## finally, produce a good request which should work
     content way.to_xml
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :success, "a valid update request failed"
   end
 
@@ -532,7 +532,7 @@ class WayControllerTest < ActionController::TestCase
 
     # try and upload it
     content way_xml
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_response :forbidden,
                     "adding a duplicate tag to a way for a non-public should fail with 'forbidden'"
 
@@ -551,7 +551,7 @@ class WayControllerTest < ActionController::TestCase
 
     # try and upload it
     content way_xml
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :success,
                     "adding a new tag to a way should succeed"
     assert_equal way.version + 1, @response.body.to_i
@@ -582,7 +582,7 @@ class WayControllerTest < ActionController::TestCase
 
     # try and upload it
     content way_xml
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_response :forbidden,
                     "adding a duplicate tag to a way for a non-public should fail with 'forbidden'"
 
@@ -601,7 +601,7 @@ class WayControllerTest < ActionController::TestCase
 
     # try and upload it
     content way_xml
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :bad_request,
                     "adding a duplicate tag to a way should fail with 'bad request'"
     assert_equal "Element way/#{way.id} has duplicate tags with key #{existing_tag.k}", @response.body
@@ -632,7 +632,7 @@ class WayControllerTest < ActionController::TestCase
 
     # try and upload it
     content way_xml
-    put :update, :id => private_way.id
+    put :update, :params => { :id => private_way.id }
     assert_response :forbidden,
                     "adding new duplicate tags to a way using a non-public user should fail with 'forbidden'"
 
@@ -653,7 +653,7 @@ class WayControllerTest < ActionController::TestCase
 
     # try and upload it
     content way_xml
-    put :update, :id => way.id
+    put :update, :params => { :id => way.id }
     assert_response :bad_request,
                     "adding new duplicate tags to a way should fail with 'bad request'"
     assert_equal "Element way/#{way.id} has duplicate tags with key i_am_a_duplicate", @response.body
@@ -719,7 +719,7 @@ class WayControllerTest < ActionController::TestCase
     _way3_v2 = create(:old_way, :current_way => way3_v1.current_way, :version => 2)
     create(:old_way_node, :old_way => way3_v1, :node => node)
 
-    get :ways_for_node, :id => node.id
+    get :ways_for_node, :params => { :id => node.id }
     assert_response :success
     ways_xml = XML::Parser.string(@response.body).parse
     assert_not_nil ways_xml, "failed to parse ways_for_node response"
diff --git a/test/integration/client_applications_test.rb b/test/integration/client_applications_test.rb
index 83325657c..8c5e70784 100644
--- a/test/integration/client_applications_test.rb
+++ b/test/integration/client_applications_test.rb
@@ -12,7 +12,7 @@ class ClientApplicationsTest < ActionDispatch::IntegrationTest
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true"
     follow_redirect!
     assert_response :success
-    post "/login", "username" => user.email, "password" => "test", :referer => "/user/#{URI.encode(user.display_name)}"
+    post "/login", :params => { "username" => user.email, "password" => "test", :referer => "/user/#{URI.encode(user.display_name)}" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -50,10 +50,11 @@ class ClientApplicationsTest < ActionDispatch::IntegrationTest
       end
     end
 
-    post "/user/#{URI.encode(user.display_name)}/oauth_clients", "client_application[name]" => "My New App",
-                                                                 "client_application[url]" => "http://my.new.app.org/",
-                                                                 "client_application[callback_url]" => "http://my.new.app.org/callback",
-                                                                 "client_application[support_url]" => "http://my.new.app.org/support"
+    post "/user/#{URI.encode(user.display_name)}/oauth_clients",
+         :params => { "client_application[name]" => "My New App",
+                      "client_application[url]" => "http://my.new.app.org/",
+                      "client_application[callback_url]" => "http://my.new.app.org/callback",
+                      "client_application[support_url]" => "http://my.new.app.org/support" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
diff --git a/test/integration/cors_test.rb b/test/integration/cors_test.rb
index fdecfc256..05754da71 100644
--- a/test/integration/cors_test.rb
+++ b/test/integration/cors_test.rb
@@ -1,22 +1,11 @@
 require "test_helper"
 
 class CORSTest < ActionDispatch::IntegrationTest
-  # Rails 4 adds a built-in `options` method. When we upgrade, we can remove
-  # this definition.
-  unless instance_methods.include?(:options)
-    def options(*args)
-      reset! unless integration_session
-      @html_document = nil
-      integration_session.send(:process, :options, *args).tap do
-        copy_session_variables!
-      end
-    end
-  end
-
   def test_api_routes_allow_cross_origin_requests
-    options "/api/capabilities", nil,
-            "HTTP_ORIGIN" => "http://www.example.com",
-            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+    process :options, "/api/capabilities", :headers => {
+      "HTTP_ORIGIN" => "http://www.example.com",
+      "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+    }
 
     assert_response :success
     assert_equal "http://www.example.com", response.headers["Access-Control-Allow-Origin"]
@@ -24,9 +13,10 @@ class CORSTest < ActionDispatch::IntegrationTest
 
   def test_non_api_routes_dont_allow_cross_origin_requests
     assert_raises ActionController::RoutingError do
-      options "/", nil,
-              "HTTP_ORIGIN" => "http://www.example.com",
-              "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+      process :options, "/", :headers => {
+        "HTTP_ORIGIN" => "http://www.example.com",
+        "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+      }
     end
   end
 end
diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb
index 91bad005a..60e1db24d 100644
--- a/test/integration/oauth_test.rb
+++ b/test/integration/oauth_test.rb
@@ -10,7 +10,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def test_oauth10_web_app
     client = create(:client_application, :callback_url => "http://some.web.app.example.org/callback", :allow_read_prefs => true, :allow_write_api => true, :allow_read_gpx => true)
 
-    post "/login", :username => client.user.email, :password => "test"
+    post "/login", :params => { :username => client.user.email, :password => "test" }
     follow_redirect!
     follow_redirect!
     assert_response :success
@@ -23,7 +23,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def test_oauth10_desktop_app
     client = create(:client_application, :allow_read_prefs => true, :allow_write_api => true, :allow_read_gpx => true)
 
-    post "/login", :username => client.user.email, :password => "test"
+    post "/login", :params => { :username => client.user.email, :password => "test" }
     follow_redirect!
     follow_redirect!
     assert_response :success
@@ -35,7 +35,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def test_oauth10a_web_app
     client = create(:client_application, :callback_url => "http://some.web.app.example.org/callback", :allow_read_prefs => true, :allow_write_api => true, :allow_read_gpx => true)
 
-    post "/login", :username => client.user.email, :password => "test"
+    post "/login", :params => { :username => client.user.email, :password => "test" }
     follow_redirect!
     follow_redirect!
     assert_response :success
@@ -48,7 +48,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def test_oauth10a_desktop_app
     client = create(:client_application, :allow_read_prefs => true, :allow_write_api => true, :allow_read_gpx => true)
 
-    post "/login", :username => client.user.email, :password => "test"
+    post "/login", :params => { :username => client.user.email, :password => "test" }
     follow_redirect!
     follow_redirect!
     assert_response :success
@@ -62,13 +62,13 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def oauth10_without_callback(client)
     token = get_request_token(client)
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize
 
     post "/oauth/authorize",
-         :oauth_token => token.token,
-         :allow_read_prefs => true, :allow_write_prefs => true
+         :params => { :oauth_token => token.token,
+                      :allow_read_prefs => true, :allow_write_prefs => true }
     if client.callback_url
       assert_response :redirect
       assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}"
@@ -101,7 +101,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
     assert_response :forbidden
 
-    post "/oauth/revoke", :token => token.token
+    post "/oauth/revoke", :params => { :token => token.token }
     assert_redirected_to oauth_clients_url(token.user.display_name)
     token = OauthToken.find_by(:token => token.token)
     assert_not_nil token.invalidated_at
@@ -113,11 +113,11 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def oauth10_refused(client)
     token = get_request_token(client)
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize
 
-    post "/oauth/authorize", :oauth_token => token.token
+    post "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize_failure
     assert_select "p", "You have denied application #{client.name} access to your account."
@@ -125,7 +125,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     assert_nil token.authorized_at
     assert_not_nil token.invalidated_at
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize_failure
     assert_select "p", "The authorization token is not valid."
@@ -133,7 +133,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     assert_nil token.authorized_at
     assert_not_nil token.invalidated_at
 
-    post "/oauth/authorize", :oauth_token => token.token
+    post "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize_failure
     assert_select "p", "The authorization token is not valid."
@@ -145,13 +145,13 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def oauth10_with_callback(client, callback_url)
     token = get_request_token(client)
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize
 
     post "/oauth/authorize",
-         :oauth_token => token.token, :oauth_callback => callback_url,
-         :allow_write_api => true, :allow_read_gpx => true
+         :params => { :oauth_token => token.token, :oauth_callback => callback_url,
+                      :allow_write_api => true, :allow_read_gpx => true }
     assert_response :redirect
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}"
     token.reload
@@ -180,7 +180,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     signed_get "/api/0.6/user/details", :consumer => client, :token => token
     assert_response :forbidden
 
-    post "/oauth/revoke", :token => token.token
+    post "/oauth/revoke", :params => { :token => token.token }
     assert_redirected_to oauth_clients_url(token.user.display_name)
     token = OauthToken.find_by(:token => token.token)
     assert_not_nil token.invalidated_at
@@ -192,13 +192,13 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def oauth10a_without_callback(client)
     token = get_request_token(client, :oauth_callback => "oob")
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize
 
     post "/oauth/authorize",
-         :oauth_token => token.token,
-         :allow_read_prefs => true, :allow_write_prefs => true
+         :params => { :oauth_token => token.token,
+                      :allow_read_prefs => true, :allow_write_prefs => true }
     if client.callback_url
       assert_response :redirect
       verifier = parse_verifier(response)
@@ -240,7 +240,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     signed_get "/api/0.6/gpx/#{trace.id}", :consumer => client, :token => token
     assert_response :forbidden
 
-    post "/oauth/revoke", :token => token.token
+    post "/oauth/revoke", :params => { :token => token.token }
     assert_redirected_to oauth_clients_url(token.user.display_name)
     token = OauthToken.find_by(:token => token.token)
     assert_not_nil token.invalidated_at
@@ -252,13 +252,13 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def oauth10a_with_callback(client, callback_url)
     token = get_request_token(client, :oauth_callback => callback_url)
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize
 
     post "/oauth/authorize",
-         :oauth_token => token.token,
-         :allow_write_api => true, :allow_read_gpx => true
+         :params => { :oauth_token => token.token,
+                      :allow_write_api => true, :allow_read_gpx => true }
     assert_response :redirect
     verifier = parse_verifier(response)
     assert_redirected_to "#{callback_url}?oauth_token=#{token.token}&oauth_verifier=#{verifier}"
@@ -292,7 +292,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     signed_get "/api/0.6/user/details", :consumer => client, :token => token
     assert_response :forbidden
 
-    post "/oauth/revoke", :token => token.token
+    post "/oauth/revoke", :params => { :token => token.token }
     assert_redirected_to oauth_clients_url(token.user.display_name)
     token = OauthToken.find_by(:token => token.token)
     assert_not_nil token.invalidated_at
@@ -304,11 +304,11 @@ class OAuthTest < ActionDispatch::IntegrationTest
   def oauth10a_refused(client)
     token = get_request_token(client, :oauth_callback => "oob")
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize
 
-    post "/oauth/authorize", :oauth_token => token.token
+    post "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize_failure
     assert_select "p", "You have denied application #{client.name} access to your account."
@@ -316,7 +316,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     assert_nil token.authorized_at
     assert_not_nil token.invalidated_at
 
-    get "/oauth/authorize", :oauth_token => token.token
+    get "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize_failure
     assert_select "p", "The authorization token is not valid."
@@ -324,7 +324,7 @@ class OAuthTest < ActionDispatch::IntegrationTest
     assert_nil token.authorized_at
     assert_not_nil token.invalidated_at
 
-    post "/oauth/authorize", :oauth_token => token.token
+    post "/oauth/authorize", :params => { :oauth_token => token.token }
     assert_response :success
     assert_template :authorize_failure
     assert_select "p", "The authorization token is not valid."
diff --git a/test/integration/page_locale_test.rb b/test/integration/page_locale_test.rb
index ac34274a4..9c42d9be7 100644
--- a/test/integration/page_locale_test.rb
+++ b/test/integration/page_locale_test.rb
@@ -13,14 +13,14 @@ class PageLocaleTest < ActionDispatch::IntegrationTest
   def test_defaulting
     user = create(:user, :languages => [])
 
-    post "/login", :username => user.email, :password => "test"
+    post "/login", :params => { :username => user.email, :password => "test" }
     follow_redirect!
 
-    get "/diary/new", {}
+    get "/diary/new"
     assert_equal [], User.find(user.id).languages
     assert_select "html[lang=?]", "en"
 
-    get "/diary/new", {}, { "HTTP_ACCEPT_LANGUAGE" => "fr, en" }
+    get "/diary/new", :headers => { "HTTP_ACCEPT_LANGUAGE" => "fr, en" }
     assert_equal %w[fr en], User.find(user.id).languages
     assert_select "html[lang=?]", "fr"
   end
@@ -31,16 +31,16 @@ class PageLocaleTest < ActionDispatch::IntegrationTest
     get "/diary"
     assert_select "html[lang=?]", "en"
 
-    get "/diary", :locale => "es"
+    get "/diary", :params => { :locale => "es" }
     assert_select "html[lang=?]", "es"
 
-    post "/login", :username => user.email, :password => "test"
+    post "/login", :params => { :username => user.email, :password => "test" }
     follow_redirect!
 
     get "/diary"
     assert_select "html[lang=?]", "de"
 
-    get "/diary", :locale => "fr"
+    get "/diary", :params => { :locale => "fr" }
     assert_select "html[lang=?]", "fr"
   end
 end
diff --git a/test/integration/user_blocks_test.rb b/test/integration/user_blocks_test.rb
index 38bb3338a..4048d5303 100644
--- a/test/integration/user_blocks_test.rb
+++ b/test/integration/user_blocks_test.rb
@@ -11,7 +11,7 @@ class UserBlocksTest < ActionDispatch::IntegrationTest
     get "/api/#{API_VERSION}/user/details"
     assert_response :unauthorized
 
-    get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+    get "/api/#{API_VERSION}/user/details", :headers => auth_header(blocked_user.display_name, "test")
     assert_response :success
 
     # now block the user
@@ -21,7 +21,7 @@ class UserBlocksTest < ActionDispatch::IntegrationTest
       :reason => "testing",
       :ends_at => Time.now.getutc + 5.minutes
     )
-    get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+    get "/api/#{API_VERSION}/user/details", :headers => auth_header(blocked_user.display_name, "test")
     assert_response :forbidden
   end
 
@@ -35,18 +35,18 @@ class UserBlocksTest < ActionDispatch::IntegrationTest
       :reason => "testing",
       :ends_at => Time.now.getutc + 5.minutes
     )
-    get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+    get "/api/#{API_VERSION}/user/details", :headers => auth_header(blocked_user.display_name, "test")
     assert_response :forbidden
 
     # revoke the ban
     get "/login"
     assert_response :success
-    post "/login", "username" => moderator.email, "password" => "test", :referer => "/blocks/#{block.id}/revoke"
+    post "/login", :params => { "username" => moderator.email, "password" => "test", :referer => "/blocks/#{block.id}/revoke" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
     assert_template "user_blocks/revoke"
-    post "/blocks/#{block.id}/revoke", "confirm" => "yes"
+    post "/blocks/#{block.id}/revoke", :params => { "confirm" => "yes" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -54,7 +54,7 @@ class UserBlocksTest < ActionDispatch::IntegrationTest
     reset!
 
     # access the API again. this time it should work
-    get "/api/#{API_VERSION}/user/details", nil, auth_header(blocked_user.display_name, "test")
+    get "/api/#{API_VERSION}/user/details", :headers => auth_header(blocked_user.display_name, "test")
     assert_response :success
   end
 end
diff --git a/test/integration/user_changeset_comments_test.rb b/test/integration/user_changeset_comments_test.rb
index 3667db5ca..603030469 100644
--- a/test/integration/user_changeset_comments_test.rb
+++ b/test/integration/user_changeset_comments_test.rb
@@ -30,7 +30,7 @@ class UserChangesetCommentsTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert_template "user/login"
     # We can now login
-    post "/login", "username" => user.email, "password" => "test"
+    post "/login", :params => { "username" => user.email, "password" => "test" }
     assert_response :redirect
 
     get "/changeset/#{changeset.id}"
diff --git a/test/integration/user_creation_test.rb b/test/integration/user_creation_test.rb
index db42b22a7..20ee9a885 100644
--- a/test/integration/user_creation_test.rb
+++ b/test/integration/user_creation_test.rb
@@ -24,7 +24,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
   def test_create_user_form
     I18n.available_locales.each do |locale|
       reset!
-      get "/user/new", {}, { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
+      get "/user/new", :headers => { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
       follow_redirect!
       assert_response :success
       assert_template "user/new"
@@ -38,8 +38,8 @@ class UserCreationTest < ActionDispatch::IntegrationTest
       assert_difference("User.count", 0) do
         assert_difference("ActionMailer::Base.deliveries.size", 0) do
           post "/user/new",
-               { :user => { :email => dup_email, :email_confirmation => dup_email, :display_name => display_name, :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } },
-               { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
+               :params => { :user => { :email => dup_email, :email_confirmation => dup_email, :display_name => display_name, :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } },
+               :headers => { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
         end
       end
       assert_response :success
@@ -57,8 +57,8 @@ class UserCreationTest < ActionDispatch::IntegrationTest
       assert_difference("User.count", 0) do
         assert_difference("ActionMailer::Base.deliveries.size", 0) do
           post "/user/new",
-               { :user => { :email => email, :email_confirmation => email, :display_name => dup_display_name, :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } },
-               { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
+               :params => { :user => { :email => email, :email_confirmation => email, :display_name => dup_display_name, :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } },
+               :headers => { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
         end
       end
       assert_response :success
@@ -76,7 +76,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
       assert_difference("User.count", 0) do
         assert_difference("ActionMailer::Base.deliveries.size", 0) do
           post "/user/new",
-               :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+               :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         end
       end
 
@@ -84,8 +84,8 @@ class UserCreationTest < ActionDispatch::IntegrationTest
 
       assert_difference("User.count") do
         assert_difference("ActionMailer::Base.deliveries.size", 1) do
-          post "/user/save", {},
-               { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
+          post "/user/save",
+               :headers => { "HTTP_ACCEPT_LANGUAGE" => locale.to_s }
           follow_redirect!
         end
       end
@@ -123,10 +123,10 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => password, :pass_crypt_confirmation => password }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => password, :pass_crypt_confirmation => password }, :referer => referer }
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :pass_crypt => password, :pass_crypt_confirmation => password } }
         follow_redirect!
       end
     end
@@ -149,11 +149,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -169,7 +169,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
         follow_redirect!
@@ -179,7 +179,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => password, :pass_crypt_confirmation => password } }
         assert_response :redirect
         follow_redirect!
       end
@@ -200,7 +200,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
         follow_redirect!
@@ -230,7 +230,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/new.tester", :origin => "/user/new")
         follow_redirect!
@@ -240,7 +240,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "openid", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         follow_redirect!
       end
     end
@@ -263,11 +263,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -285,7 +285,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
         follow_redirect!
@@ -295,7 +295,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password } }
         assert_response :redirect
         follow_redirect!
       end
@@ -316,7 +316,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
         follow_redirect!
@@ -348,7 +348,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "google", :origin => "/user/new")
         follow_redirect!
@@ -358,7 +358,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "google", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         follow_redirect!
       end
     end
@@ -381,11 +381,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -401,7 +401,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
         follow_redirect!
@@ -411,7 +411,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password } }
         assert_response :redirect
         follow_redirect!
       end
@@ -432,7 +432,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
         follow_redirect!
@@ -462,7 +462,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "facebook", :origin => "/user/new")
         follow_redirect!
@@ -472,7 +472,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "facebook", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         follow_redirect!
       end
     end
@@ -495,11 +495,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -515,7 +515,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "windowslive", :origin => "/user/new")
         follow_redirect!
@@ -525,7 +525,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password } }
         assert_response :redirect
         follow_redirect!
       end
@@ -546,7 +546,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "windowslive", :origin => "/user/new")
         follow_redirect!
@@ -576,7 +576,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "windowslive", :origin => "/user/new")
         follow_redirect!
@@ -586,7 +586,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "windowslive", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         follow_redirect!
       end
     end
@@ -609,11 +609,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -629,7 +629,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
         follow_redirect!
@@ -639,7 +639,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password } }
         assert_response :redirect
         follow_redirect!
       end
@@ -660,7 +660,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
         follow_redirect!
@@ -690,7 +690,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "github", :origin => "/user/new")
         follow_redirect!
@@ -700,7 +700,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "github", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         follow_redirect!
       end
     end
@@ -723,11 +723,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -743,7 +743,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
         follow_redirect!
@@ -753,7 +753,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :auth_uid => "123454321", :pass_crypt => password, :pass_crypt_confirmation => password } }
         assert_response :redirect
         follow_redirect!
       end
@@ -774,7 +774,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count", 0) do
       assert_difference("ActionMailer::Base.deliveries.size", 0) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :pass_crypt => "", :pass_crypt_confirmation => "" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :pass_crypt => "", :pass_crypt_confirmation => "" } }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
         follow_redirect!
@@ -804,7 +804,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     assert_difference("User.count") do
       assert_difference("ActionMailer::Base.deliveries.size", 1) do
         post "/user/new",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :pass_crypt => "", :pass_crypt_confirmation => "" }, :referer => referer }
         assert_response :redirect
         assert_redirected_to auth_path(:provider => "wikipedia", :origin => "/user/new")
         follow_redirect!
@@ -814,7 +814,7 @@ class UserCreationTest < ActionDispatch::IntegrationTest
         assert_response :redirect
         assert_redirected_to "/user/terms"
         post "/user/save",
-             :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" }
+             :params => { :user => { :email => new_email, :email_confirmation => new_email, :display_name => display_name, :auth_provider => "wikipedia", :auth_uid => "http://localhost:1123/new.tester", :pass_crypt => "testtest", :pass_crypt_confirmation => "testtest" } }
         follow_redirect!
       end
     end
@@ -837,11 +837,11 @@ class UserCreationTest < ActionDispatch::IntegrationTest
     ActionMailer::Base.deliveries.clear
 
     # Go to the confirmation page
-    get "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    get "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :success
     assert_template "user/confirm"
 
-    post "/user/#{display_name}/confirm", :confirm_string => confirm_string
+    post "/user/#{display_name}/confirm", :params => { :confirm_string => confirm_string }
     assert_response :redirect
     follow_redirect!
     assert_response :success
diff --git a/test/integration/user_diaries_test.rb b/test/integration/user_diaries_test.rb
index df070dd37..2c1e65145 100644
--- a/test/integration/user_diaries_test.rb
+++ b/test/integration/user_diaries_test.rb
@@ -13,7 +13,7 @@ class UserDiariesTest < ActionDispatch::IntegrationTest
     assert_response :success
     assert_template "user/login"
     # We can now login
-    post "/login", "username" => user.email, "password" => "test", :referer => "/diary/new"
+    post "/login", :params => { "username" => user.email, "password" => "test", :referer => "/diary/new" }
     assert_response :redirect
     # print @response.body
     # Check that there is some payload alerting the user to the redirect
diff --git a/test/integration/user_login_test.rb b/test/integration/user_login_test.rb
index 337e59059..538c03999 100644
--- a/test/integration/user_login_test.rb
+++ b/test/integration/user_login_test.rb
@@ -341,13 +341,13 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "openid", :auth_uid => "http://example.com/john.doe")
     OmniAuth.config.add_mock(:openid, :uid => user.auth_uid)
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :cookie_test => true, :referer => "/history"
     follow_redirect!
     assert_response :success
     assert_template "user/login"
-    post "/login", :openid_url => "http://localhost:1123/john.doe", :referer => "/history"
+    post "/login", :params => { :openid_url => "http://localhost:1123/john.doe", :referer => "/history" }
     assert_response :redirect
     assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/john.doe", :origin => "/login?referer=%2Fhistory", :referer => "/history")
     follow_redirect!
@@ -365,13 +365,13 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "openid", :auth_uid => "http://example.com/john.doe")
     OmniAuth.config.add_mock(:openid, :uid => user.auth_uid)
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :cookie_test => true, :referer => "/history"
     follow_redirect!
     assert_response :success
     assert_template "user/login"
-    post "/login", :openid_url => user.auth_uid, :remember_me_openid => true, :referer => "/history"
+    post "/login", :params => { :openid_url => user.auth_uid, :remember_me_openid => true, :referer => "/history" }
     assert_response :redirect
     assert_redirected_to auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
     follow_redirect!
@@ -390,13 +390,13 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "openid", :auth_uid => "http://example.com/john.doe")
     OmniAuth.config.mock_auth[:openid] = :connection_failed
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :cookie_test => true, :referer => "/history"
     follow_redirect!
     assert_response :success
     assert_template "user/login"
-    post "/login", :openid_url => user.auth_uid, :referer => "/history"
+    post "/login", :params => { :openid_url => user.auth_uid, :referer => "/history" }
     assert_response :redirect
     assert_redirected_to auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
     follow_redirect!
@@ -418,13 +418,13 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "openid", :auth_uid => "http://example.com/john.doe")
     OmniAuth.config.mock_auth[:openid] = :invalid_credentials
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :cookie_test => true, :referer => "/history"
     follow_redirect!
     assert_response :success
     assert_template "user/login"
-    post "/login", :openid_url => user.auth_uid, :referer => "/history"
+    post "/login", :params => { :openid_url => user.auth_uid, :referer => "/history" }
     assert_response :redirect
     assert_redirected_to auth_path(:provider => "openid", :openid_url => user.auth_uid, :origin => "/login?referer=%2Fhistory", :referer => "/history")
     follow_redirect!
@@ -445,13 +445,13 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_openid_unknown
     OmniAuth.config.add_mock(:openid, :uid => "http://localhost:1123/fred.bloggs")
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to :controller => :user, :action => :login, :cookie_test => true, :referer => "/history"
     follow_redirect!
     assert_response :success
     assert_template "user/login"
-    post "/login", :openid_url => "http://localhost:1123/fred.bloggs", :referer => "/history"
+    post "/login", :params => { :openid_url => "http://localhost:1123/fred.bloggs", :referer => "/history" }
     assert_response :redirect
     assert_redirected_to auth_path(:provider => "openid", :openid_url => "http://localhost:1123/fred.bloggs", :origin => "/login?referer=%2Fhistory", :referer => "/history")
     follow_redirect!
@@ -471,7 +471,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
                                :id_info => { "openid_id" => "http://localhost:1123/fred.bloggs" }
                              })
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -491,7 +491,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_google_connection_failed
     OmniAuth.config.mock_auth[:google] = :connection_failed
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -515,7 +515,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_google_invalid_credentials
     OmniAuth.config.mock_auth[:google] = :invalid_credentials
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -541,7 +541,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
                                :id_info => { "openid_id" => "http://localhost:1123/fred.bloggs" }
                              })
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -564,7 +564,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
                                :id_info => { "openid_id" => user.auth_uid }
                              })
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -589,7 +589,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "facebook", :auth_uid => "1234567890")
     OmniAuth.config.add_mock(:facebook, :uid => user.auth_uid)
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -609,7 +609,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_facebook_connection_failed
     OmniAuth.config.mock_auth[:facebook] = :connection_failed
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -633,7 +633,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_facebook_invalid_credentials
     OmniAuth.config.mock_auth[:facebook] = :invalid_credentials
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -657,7 +657,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_facebook_unknown
     OmniAuth.config.add_mock(:facebook, :uid => "987654321")
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -678,7 +678,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "windowslive", :auth_uid => "1234567890")
     OmniAuth.config.add_mock(:windowslive, :uid => user.auth_uid)
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -698,7 +698,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_windowslive_connection_failed
     OmniAuth.config.mock_auth[:windowslive] = :connection_failed
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -722,7 +722,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_windowslive_invalid_credentials
     OmniAuth.config.mock_auth[:windowslive] = :invalid_credentials
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -746,7 +746,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_windowslive_unknown
     OmniAuth.config.add_mock(:windowslive, :uid => "987654321")
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -767,7 +767,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "github", :auth_uid => "1234567890")
     OmniAuth.config.add_mock(:github, :uid => user.auth_uid)
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -787,7 +787,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_github_connection_failed
     OmniAuth.config.mock_auth[:github] = :connection_failed
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -811,7 +811,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_github_invalid_credentials
     OmniAuth.config.mock_auth[:github] = :invalid_credentials
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -835,7 +835,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_github_unknown
     OmniAuth.config.add_mock(:github, :uid => "987654321")
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -856,7 +856,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
     user = create(:user, :auth_provider => "wikipedia", :auth_uid => "1234567890")
     OmniAuth.config.add_mock(:wikipedia, :uid => user.auth_uid)
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -876,7 +876,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_wikipedia_connection_failed
     OmniAuth.config.mock_auth[:wikipedia] = :connection_failed
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -900,7 +900,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_wikipedia_invalid_credentials
     OmniAuth.config.mock_auth[:wikipedia] = :invalid_credentials
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -924,7 +924,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
   def test_login_wikipedia_unknown
     OmniAuth.config.add_mock(:wikipedia, :uid => "987654321")
 
-    get "/login", :referer => "/history"
+    get "/login", :params => { :referer => "/history" }
     assert_response :redirect
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true", "referer" => "/history"
     follow_redirect!
@@ -960,7 +960,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
       assert_select "[checked]", false
     end
 
-    post "/login", :username => username, :password => "wrong", :remember_me => remember_me, :referer => "/history"
+    post "/login", :params => { :username => username, :password => "wrong", :remember_me => remember_me, :referer => "/history" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -975,7 +975,7 @@ class UserLoginTest < ActionDispatch::IntegrationTest
       assert_select "[checked]", remember_me == "yes"
     end
 
-    post "/login", :username => username, :password => password, :remember_me => remember_me, :referer => "/history"
+    post "/login", :params => { :username => username, :password => password, :remember_me => remember_me, :referer => "/history" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
diff --git a/test/integration/user_roles_test.rb b/test/integration/user_roles_test.rb
index c2f065e0e..3f6c24248 100644
--- a/test/integration/user_roles_test.rb
+++ b/test/integration/user_roles_test.rb
@@ -26,7 +26,7 @@ class UserRolesTest < ActionDispatch::IntegrationTest
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true"
     follow_redirect!
     assert_response :success
-    post "/login", "username" => create(user).email, "password" => "test", :referer => "/"
+    post "/login", :params => { "username" => create(user).email, "password" => "test", :referer => "/" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
@@ -44,7 +44,7 @@ class UserRolesTest < ActionDispatch::IntegrationTest
     assert_redirected_to "controller" => "user", "action" => "login", "cookie_test" => "true"
     follow_redirect!
     assert_response :success
-    post "/login", "username" => create(user).email, "password" => "test", :referer => "/"
+    post "/login", :params => { "username" => create(user).email, "password" => "test", :referer => "/" }
     assert_response :redirect
     follow_redirect!
     assert_response :success
diff --git a/test/integration/user_terms_seen_test.rb b/test/integration/user_terms_seen_test.rb
index f1cabfc60..dcc7fa7e9 100644
--- a/test/integration/user_terms_seen_test.rb
+++ b/test/integration/user_terms_seen_test.rb
@@ -9,14 +9,14 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
     with_terms_seen(true) do
       user = create(:user, :terms_seen => false)
 
-      get "/api/#{API_VERSION}/user/preferences", nil, auth_header(user.display_name, "test")
+      get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
       assert_response :forbidden
 
       # touch it so that the user has seen the terms
       user.terms_seen = true
       user.save
 
-      get "/api/#{API_VERSION}/user/preferences", nil, auth_header(user.display_name, "test")
+      get "/api/#{API_VERSION}/user/preferences", :headers => auth_header(user.display_name, "test")
       assert_response :success
     end
   end
@@ -30,7 +30,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
       follow_redirect!
       assert_response :success
       assert_template "user/login"
-      post "/login", :username => user.email, :password => "test", :referer => "/diary/new"
+      post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
       assert_response :redirect
       # but now we need to look at the terms
       assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
@@ -38,7 +38,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
       assert_response :success
 
       # don't agree to the terms, but hit decline
-      post "/user/save", :decline => true, :referer => "/diary/new"
+      post "/user/save", :params => { :decline => true, :referer => "/diary/new" }
       assert_redirected_to "/diary/new"
       follow_redirect!
 
@@ -57,7 +57,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
       follow_redirect!
       assert_response :success
       assert_template "user/login"
-      post "/login", :username => user.email, :password => "test", :referer => "/diary/new"
+      post "/login", :params => { :username => user.email, :password => "test", :referer => "/diary/new" }
       assert_response :redirect
       # but now we need to look at the terms
       assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
@@ -66,7 +66,7 @@ class UserTermsSeenTest < ActionDispatch::IntegrationTest
       # back to the terms page.
       get "/traces/mine"
       assert_redirected_to :controller => :user, :action => :terms, :referer => "/traces/mine"
-      get "/traces/mine", :referer => "/diary/new"
+      get "/traces/mine", :params => { :referer => "/diary/new" }
       assert_redirected_to :controller => :user, :action => :terms, :referer => "/diary/new"
     end
   end