diff --git a/Gemfile.lock b/Gemfile.lock
index 5b21d9312..f4a609ffc 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -81,7 +81,7 @@ GEM
 coderay (1.1.0)
 columnize (0.8.9)
 debugger-linecache (1.2.0)
- devise (3.4.0)
+ devise (3.4.1)
 bcrypt (~> 3.0)
 orm_adapter (~> 0.1)
 railties (>= 3.2.6, < 5)
@@ -120,7 +120,7 @@ GEM
 mail (2.6.1)
 mime-types (>= 1.16, < 3)
 method_source (0.8.2)
- mime-types (2.4.2)
+ mime-types (2.4.3)
 minitest (5.4.2)
 minitest-focus (1.1.0)
 minitest (>= 4, < 6)
@@ -193,10 +193,10 @@ GEM
 multi_json (~> 1.0)
 rack (~> 1.0)
 tilt (~> 1.1, != 1.3.0)
- sprockets-rails (2.1.4)
+ sprockets-rails (2.2.0)
 actionpack (>= 3.0)
 activesupport (>= 3.0)
- sprockets (~> 2.8)
+ sprockets (>= 2.8, < 4.0)
 sqlite3 (1.3.9)
 thor (0.19.1)
 thread_safe (0.3.4)
diff --git a/app/controllers/devise_token_auth/application_controller.rb b/app/controllers/devise_token_auth/application_controller.rb
index aa285b7bf..05d973720 100644
--- a/app/controllers/devise_token_auth/application_controller.rb
+++ b/app/controllers/devise_token_auth/application_controller.rb
@@ -2,5 +2,40 @@ module DeviseTokenAuth
 class ApplicationController < DeviseController
 include DeviseTokenAuth::Concerns::SetUserByToken
 respond_to :json
+
+ def success_message(message = nil)
+ json_response = { status: 'success' }
+ json_response[:message] = message if message
+ json_response
+ end
+
+ def error_messages(*args)
+ {
+ status: 'error',
+ errors: args
+ }
+ end
+
+ def resource_serializer(resource)
+ {
+ status: "success",
+ data: resource.as_json(except: [:tokens, :created_at, :updated_at])
+ }
+ end
+
+ def error_serializer(*args)
+ resource = args[0]
+ response = {
+ status: "error",
+ data: resource.as_json(except: [:tokens, :created_at, :updated_at])
+ }
+ if args.length > 1
+ args.shift
+ response[:errors] = args
+ else
+ response[:errors] = resource.errors.to_hash.merge(full_messages: resource.errors.full_messages)
+ end
+ response
+ end
 end
 end
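Review bot: The four helpers added after `respond_to :json` in `application_controller.rb` are public instance methods, and Rails treats every public controller method as a potential action, so `success_message`, `error_messages`, `resource_serializer` and `error_serializer` become routable if a route ever names them; a `protected` line above `def success_message` closes that off. Inside `error_serializer` the local `response` shadows the controller's own `response` accessor; a name such as `payload` avoids that, and `resource, *messages = args` would replace the `args[0]` / `args.shift` pair. Both serializers filter with `except: [:tokens, :created_at, :updated_at]`, which is a denylist, so a sensitive column added to the model later is returned by default unless the model's own serialization hides it (not visible in this hunk); an `only:` allowlist would fail closed.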
diff --git a/app/controllers/devise_token_auth/passwords_controller.rb b/app/controllers/devise_token_auth/passwords_controller.rb
index 5c5bc6f43..0f247d2aa 100644
--- a/app/controllers/devise_token_auth/passwords_controller.rb
+++ b/app/controllers/devise_token_auth/passwords_controller.rb
@@ -7,17 +7,11 @@ class PasswordsController < DeviseTokenAuth::ApplicationController
 # sending emails
 def create
 unless resource_params[:email].present?
- return render json: {
- success: false,
- errors: ['You must provide an email address.']
- }, status: 401
+ return render json: error_messages('You must provide an email address.'), status: 401
 end
 unless params[:redirect_url]
- return render json: {
- success: false,
- errors: ['Missing redirect url.']
- }, status: 401
+ return render json: error_messages('Missing redirect url.'), status: 401
 end
 @user = resource_class.where({
@@ -34,11 +28,9 @@ def create
 })
 if @user.errors.empty?
- render json: {
- success: true,
- message: "An email has been sent to #{@user.email} containing "+
- "instructions for resetting your password."
- }
+ render json: success_message(
+ "An email has been sent to #{@user.email} containing instructions for resetting your password."
+ )
 else
 errors = @user.errors
 end
@@ -47,10 +39,7 @@ def create
 end
 if errors
- render json: {
- success: false,
- errors: errors
- }, status: 400
+ render json: error_messages(*errors), status: 400
 end
 end
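Review bot: In the last hunk of `PasswordsController#create`, `error_messages(*errors)` splats whatever `errors` holds, and the second hunk sets it to `@user.errors`, so the value goes through `to_a` and clients get a flat list where the old `errors: errors` rendered the keyed error object. Assigning `errors = @user.errors.full_messages` in the second hunk would make that flat shape explicit. The success text still interpolates `@user.email`, so if the not-found branch (between the hunks, not shown) answers with an error, the endpoint confirms which addresses are registered; returning the same neutral message in both cases avoids that. The two missing-parameter guards in the first hunk return 401, which clients commonly treat as an authentication failure; `status: 422` would match the parameter check in `update`.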
@@ -91,33 +80,18 @@ def edit
 def update
 # make sure user is authorized
 unless @user
- return render json: {
- success: false,
- errors: ['Unauthorized']
- }, status: 401
+ return render json: error_messages('Unauthorized'), status: 401
 end
 # ensure that password params were sent
 unless password_resource_params[:password] and password_resource_params[:password_confirmation]
- return render json: {
- success: false,
- errors: ['You must fill out the fields labeled "password" and "password confirmation".']
- }, status: 422
+ return render json: error_messages('You must fill out the fields labeled "password" and "password confirmation".'), status: 422
 end
 if @user.update_attributes(password_resource_params)
- return render json: {
- success: true,
- data: {
- user: @user,
- message: "Your password has been successfully updated."
- }
- }
+ return render json: resource_serializer(@user)
 else
- return render json: {
- success: false,
- errors: @user.errors
- }, status: 422
+ return render json: error_serializer(@user), status: 422
 end
 end
diff --git a/app/controllers/devise_token_auth/registrations_controller.rb b/app/controllers/devise_token_auth/registrations_controller.rb
index 875cffaba..d07bb00b6 100644
--- a/app/controllers/devise_token_auth/registrations_controller.rb
+++ b/app/controllers/devise_token_auth/registrations_controller.rb
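Review bot: `PasswordsController#update` changes its success payload without a compatibility path: the removed response carried `data.user` and the "Your password has been successfully updated." message, while `resource_serializer(@user)` returns the record directly under `data` with no message. Across this commit the envelope flag also moves from boolean `success` to string `status` (here, in passwords `create`, sessions `destroy` and `validate_token`), so a client that branches on `success` will read the missing key as failure; that deserves a changelog entry or a transition period that sends both keys. The guard on `password` and `password_confirmation` tests truthiness only, so empty strings pass it and reach `update_attributes`; `.present?`, as used for the email in `create`, would reject them at the guard.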
@@ -46,46 +46,26 @@ def create
 update_auth_header
 end
- render json: {
- status: 'success',
- data: resource.as_json
- }
+ render json: resource_serializer(resource)
 else
 clean_up_passwords resource
- render json: {
- status: 'error',
- data: resource,
- errors: resource.errors.to_hash.merge(full_messages: resource.errors.full_messages)
- }, status: 403
+ render json: error_serializer(resource), status: 403
 end
 rescue ActiveRecord::RecordNotUnique
 clean_up_passwords resource
- render json: {
- status: 'error',
- data: resource,
- errors: ["An account already exists for #{resource.send(resource_class.authentication_keys.first)}"]
- }, status: 403
+ render json: error_serializer(resource, "An account already exists for #{resource.send(resource_class.authentication_keys.first)}"), status: 403
 end
 end
 def update
 if @user
 if @user.update_attributes(account_update_params)
- render json: {
- status: 'success',
- data: @user.as_json
- }
+ render json: resource_serializer(@user)
 else
- render json: {
- status: 'error',
- errors: @user.errors
- }, status: 403
+ render json: error_serializer(@user), status: 403
 end
 else
- render json: {
- status: 'error',
- errors: ["User not found."]
- }, status: 404
+ render json: error_messages("User not found."), status: 404
 end
 end
@@ -93,15 +73,9 @@ def destroy
 if @user
 @user.destroy
- render json: {
- status: 'success',
- message: "Account with uid #{@user.uid} has been destroyed."
- }
+ render json: success_message("Account with uid #{@user.uid} has been destroyed.")
 else
- render json: {
- status: 'error',
- errors: ["Unable to locate account for destruction."]
- }, status: 404
+ render json: error_messages("Unable to locate account for destruction."), status: 404
 end
 end
diff --git a/app/controllers/devise_token_auth/sessions_controller.rb b/app/controllers/devise_token_auth/sessions_controller.rb
index 8b5f8f748..8e6c118cb 100644
--- a/app/controllers/devise_token_auth/sessions_controller.rb
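Review bot: In `RegistrationsController` the `errors` key now arrives in two different types. The validation branches call `error_serializer(resource)` / `error_serializer(@user)` and get a Hash that includes `full_messages`, while the `RecordNotUnique` branch passes a message and gets a bare Array, as do the `error_messages(...)` calls in `update` and `destroy`. A client has to type-check `errors` before reading it; giving the custom-message path the same `{ full_messages: [...] }` shape, or documenting both forms, would settle it. The interpolated `resource.send(resource_class.authentication_keys.first)` only needs a public reader, so `public_send` states the intent more narrowly. `create` starts above the first hunk.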
+++ b/app/controllers/devise_token_auth/sessions_controller.rb
@@ -18,11 +18,7 @@ def create
 }
 @user.save
 yield resource if block_given?
- render json: {
- data: resource.as_json(except: [
- :tokens, :confirm_success_url, :reset_password_redirect_url, :created_at, :updated_at
- ])
- }
+ render json: resource_serializer(resource)
 end
 def auth_options
@@ -39,14 +35,10 @@ def destroy
 user.tokens.delete(client_id)
 user.save!
- render json: {
- success:true
- }, status: 200
+ render json: success_message, status: 200
 else
- render json: {
- errors: ["User was not found or was not logged in."]
- }, status: 404
+ render json: error_messages("User was not found or was not logged in."), status: 404
 end
 end
diff --git a/app/controllers/devise_token_auth/token_validations_controller.rb b/app/controllers/devise_token_auth/token_validations_controller.rb
index d0348d1a5..e77018bee 100644
--- a/app/controllers/devise_token_auth/token_validations_controller.rb
+++ b/app/controllers/devise_token_auth/token_validations_controller.rb
@@ -6,18 +6,12 @@ class TokenValidationsController < DeviseTokenAuth::ApplicationController
 def validate_token
 # @user will have been set by set_user_token concern
 if @user
- render json: {
- success: true,
- data: @user.as_json(except: [
- :tokens, :created_at, :updated_at
- ])
- }
+ render json: resource_serializer(@user)
 else
- render json: {
- success: false,
- errors: ["Invalid login credentials"]
- }, status: 401
+ render json: error_messages("Invalid login credentials"), status: 401
 end
 end
+
+
 end
 end
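Review bot: The sign-in response in `SessionsController#create` now exposes two fields it used to hide: the removed call excluded `:confirm_success_url` and `:reset_password_redirect_url`, but `resource_serializer` filters only `:tokens, :created_at, :updated_at`. If that widening is not intended, add both symbols to the helper's `except:` list so every endpoint drops them. The `token_validations_controller.rb` hunk also adds two blank lines before the closing `end` of the class, which can be dropped. `create` and `destroy` in the sessions controller begin outside their hunks.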