user.rb

class User < ActiveRecord::Base
  alias :devise_valid_password? :valid_password?

  def valid_password?(password)
    begin
      devise_valid_password?(password)
    rescue BCrypt::Errors::InvalidHash
      return false unless Digest::SHA1.hexdigest(password) == encrypted_password
      logger.info "User #{email} is using the old password hashing method, updating attribute."
      self.password = password
      true
    end
  end
end

Thanks for great example! You saved me some time today :-)

One more tip. If you are using salt in legacy user, its also good to clear that value. This way you will know how many users has already been updated. And I also had to manually save loaded object.

self.password = password
self.salt = nil
self.save
true