I'm currently working on a Rails app which stores plain clear passwords (...). So I'm migrating to Authlogic authentication with a 'standard' SHA512 encryption.
I did this, which works fine:

    #file /models/user.rb
    class User < ActiveRecord::Base
      acts_as_authentic { |c|
        c.transition_from_crypto_providers = [MyOwnNoCrypto, Authlogic::CryptoProviders::Sha512]
      }
    end

    #file /lib/my_own_no_crypto.rb
    class MyOwnNoCrypto
      def self.encrypt(*tokens)
        return tokens[0] # or tokens.join I guess
      end

      def self.matches?(crypted_password, *tokens)
        return crypted_password == tokens.join
      end
    end

It's nice -- and works just fine -- but I wonder if there is a sexier way to do that, perhaps with an Authlogic core option?
Thanks!
I agree with the part of thomasfedb's answer that suggests a one-time transition rather than using AuthLogic's transition model. In this case, you want to encrypt those passwords as soon as possible, not the next time the user signs in. Instead of a Rake task, though, I might suggest a migration:
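
    # in db/migrate/nnnnnnnn_encrypt_passwords.rb:
    class EncryptPasswords < ActiveRecord::Migration
      def self.up
        # add_column requires a column type
        add_column :users, :crypted_password, :string
        # reload column metadata so the model sees the new column
        User.reset_column_information
        # find_each walks the table in batches; a model class has no .each
        # assumes User responds to encrypt_password! (hashes and saves the stored password)
        User.find_each do |u|
          u.encrypt_password!
        end
        remove_column :users, :password
      end

      def self.down
        raise ActiveRecord::IrreversibleMigration.new('Cannot decrypt user passwords')
      end
    end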
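
The difference between the two approaches discussed on this page, as an added example that is not part of the question or the answer: with rehash-on-login, every account that has not signed in yet still holds its clear password, while a one-time pass leaves none. `LegacyUser`, `StretchedSha512`, the helper names and the sample rows are constructed for illustration; `StretchedSha512` is a stand-in, not Authlogic's provider.

```ruby
require 'digest'
require 'securerandom'

# Stand-in for a salted, stretched SHA-512 provider (hypothetical, not Authlogic's class).
module StretchedSha512
  STRETCHES = 20

  def self.encrypt(*tokens)
    digest = tokens.flatten.join
    STRETCHES.times { digest = Digest::SHA512.hexdigest(digest) }
    digest
  end

  def self.matches?(crypted, *tokens)
    encrypt(*tokens) == crypted
  end
end

# Constructed record: a legacy row holds the clear password and has no salt.
LegacyUser = Struct.new(:login, :crypted_password, :salt) do
  def hashed?
    !salt.nil?
  end

  def rehash!(password)
    self.salt = SecureRandom.hex(16)
    self.crypted_password = StretchedSha512.encrypt(password, salt)
  end

  # Lazy transition: check against the legacy value, rehash only on success.
  def login!(password)
    return StretchedSha512.matches?(crypted_password, password, salt) if hashed?
    return false unless crypted_password == password
    rehash!(password)
    true
  end
end

# Constructed sample rows standing in for the users table.
def sample_users
  [LegacyUser.new('alice', 'correct horse', nil),
   LegacyUser.new('bob', 'hunter2', nil),
   LegacyUser.new('carol', 'tr0ub4dor', nil)]
end

# Logins whose stored value is still the clear password.
def plaintext_logins(users)
  users.reject(&:hashed?).map(&:login)
end

# One-time transition: possible because the clear password is still stored.
def batch_rehash!(users)
  users.reject(&:hashed?).each { |u| u.rehash!(u.crypted_password) }
end
```

Running `plaintext_logins` against the real table after either approach is a quick check that no clear passwords remain before the old column is dropped.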