-
-
Save daz/5704137 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Because we have some old legacy users in the database, we need to | |
| # override #has_secure_passwords' method for checking if a password is valid. | |
| # We first ask if the password is valid, and if it throws an InvalidHash | |
| # exception, we know that we're dealing with a legacy user, so we check the | |
| # password against the SHA1 algorithm that was used to hash the password in | |
| # the old database. | |
| #SOURCES OF SOLUTION: | |
| # http://stackoverflow.com/questions/6113375/converting-existing-password-hash-to-devise | |
| # https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/crypto_providers/sha512.rb | |
| # https://github.com/plataformatec/devise/blob/master/lib/devise/encryptors/authlogic_sha512.rb | |
| # using old authlogic with crypted_password | |
| has_secure_password | |
| def authenticate(password) | |
| begin | |
| super(password) | |
| rescue ::BCrypt::Errors::InvalidHash | |
| stretches = 20 | |
| digest = [password, password_salt].flatten.join('') | |
| stretches.times {digest = Digest::SHA512.hexdigest(digest)} | |
| if digest == self.encrypted_password | |
| self.password = self.password_confirmation = password | |
| # deletes sha512 once user has logged in and updated to bcrypt | |
| self.encrypted_password = self.password_salt = nil | |
| self.save | |
| return true | |
| else | |
| # if bcrypt password and not old authlogic sha512 password doesn't authenticate user | |
| return false | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment