-
-
Save matthewlehner/2837902 to your computer and use it in GitHub Desktop.
Migrate Authlogic SHA512 Passwords to BCryt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Because we have some old legacy users in the database, we need to | |
| # override #has_secure_passwords' method for checking if a password is valid. | |
| # We first ask if the password is valid, and if it throws an InvalidHash | |
| # exception, we know that we're dealing with a legacy user, so we check the | |
| # password against the SHA1 algorithm that was used to hash the password in | |
| # the old database. | |
| #SOURCES OF SOLUTION: | |
| # http://stackoverflow.com/questions/6113375/converting-existing-password-hash-to-devise | |
| # https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/crypto_providers/sha512.rb | |
| # https://github.com/plataformatec/devise/blob/master/lib/devise/encryptors/authlogic_sha512.rb | |
| # using old authlogic with crypted_password | |
| def valid_password?(password) | |
| begin | |
| authenticate(password) | |
| rescue BCrypt::Errors::InvalidHash | |
| stretches = 20 | |
| digest = [password, password_salt].flatten.join('') | |
| stretches.times {digest = Digest::SHA512.hexdigest(digest)} | |
| if digest == self.crypted_password | |
| self.generate_token(:auth_token) | |
| self.password = self.password_confirmation = password | |
| # deletes sha512 once user has logged in and updated to bcrypt | |
| self.crypted_password = self.password_salt = nil | |
| self.save | |
| return true | |
| else | |
| # If not BCryt password and not old Authlogic SHA512 password Dosn't my user | |
| return false | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment