diff --git a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
index 3af49e082..cf13eefdf 100644
--- a/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
+++ b/app/controllers/devise_token_auth/concerns/set_user_by_token.rb
@@ -58,7 +58,7 @@ def set_user_by_token(mapping=nil)
     return false unless @token
     # mitigate timing attacks by finding by uid instead of auth token
-    user = uid && rc.find_by_uid(uid)
+    user = uid && rc.find_by(uid: uid)
     if user && user.valid_token?(@token, @client_id)
       # sign_in with bypass: true will be deprecated in the next version of Devise
diff --git a/test/dummy/app/controllers/overrides/sessions_controller.rb b/test/dummy/app/controllers/overrides/sessions_controller.rb
index 3be969c34..4526dfd5c 100644
--- a/test/dummy/app/controllers/overrides/sessions_controller.rb
+++ b/test/dummy/app/controllers/overrides/sessions_controller.rb
@@ -3,7 +3,7 @@ class SessionsController < DeviseTokenAuth::SessionsController
     OVERRIDE_PROOF = "(^^,)"
     def create
-      @resource = resource_class.find_by_email(resource_params[:email])
+      @resource = resource_class.find_by(email: resource_params[:email])
       if @resource and valid_params?(:email, resource_params[:email]) and @resource.valid_password?(resource_params[:password]) and @resource.confirmed?
         # create client id
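Review bot: The comment above the new `rc.find_by(uid: uid)` line says the lookup keys on uid to mitigate timing attacks, but that mitigation is only complete if `valid_token?` on the following line compares the presented token in constant time, which this hunk cannot show; the dependency is worth stating where the lookup happens, e.g. `# look the user up by uid rather than by token so the DB comparison is not timing-sensitive; valid_token? must still compare the token in constant time`. Note also that `find_by(uid: uid)` is the hash-condition form, so unlike the old dynamic finder it builds an `IN (...)` query if `uid` is ever an Array; that is harmless as long as uid is read from a request header as a scalar, which is not visible in the hunk. set_user_by_token starts before and continues after this hunk.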
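Review bot: The condition following the new `find_by(email: ...)` line chains four checks with the low-precedence `and` keyword, which only works here because the whole expression is the bare condition of an `if`; `&&` is the idiomatic operator for boolean logic and avoids a precedence surprise if anyone later assigns or negates the expression, i.e. `if @resource && valid_params?(:email, resource_params[:email]) && @resource.valid_password?(resource_params[:password]) && @resource.confirmed?`. Separately, the lookup runs before `valid_params?` and `valid_password?` is only reached when a record exists, so response time differs for known and unknown emails; that is acceptable in a test dummy, but if this override is copied as a template a comment such as `# NOTE: unknown emails skip the password hash, so timing reveals account existence` would stop it being reproduced unknowingly. The create method continues past the end of the hunk.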