I’ve been getting a lot of emails asking the best way to migrate from restful_authentication. Where it gets complicated is in the password encryption methods. Authlogic and restful_authentication use different methods. You don’t want to change this method because it will break backwards compatibility with your current passwords, meaning no one will be able to log into their account. Fear not, because I did all of the hard work for you…

    # app/models/user.rb
    class User < ActiveRecord::Base
      acts_as_authentic do |c|
        # Keep hashing passwords exactly as restful_authentication did
        c.act_like_restful_authentication = true
      end
    end

The first thing you need to do is make sure your database fields “crypted_password” and “salt” allow for the storage of at least 128 characters (assuming you are migrating to Sha512). restful_authentication uses Sha1, which is 40 characters. If you are limiting the size, you need to create a migration that looks similar to this:

    change_column :users, :crypted_password, :string, :limit => 128, :null => false, :default => ""
    change_column :users, :salt, :string, :limit => 128, :null => false, :default => ""

Now just tell acts_as_authentic what you are doing:

    # app/models/user.rb
    class User < ActiveRecord::Base
      acts_as_authentic do |c|
        # Upgrade restful_authentication hashes as users log in
        c.transition_from_restful_authentication = true
      end
    end

You can also set an optional :crypto_provider to transition to any password algorithm you want. By default Authlogic uses the Sha512 algorithm, but let’s say you wanted to transition to the BCrypt algorithm. No problem:

    # app/models/user.rb
    class User < ActiveRecord::Base
      acts_as_authentic do |c|
        c.transition_from_restful_authentication = true
        # Rehash to BCrypt instead of the default Sha512
        c.crypto_provider = Authlogic::CryptoProviders::BCrypt
      end
    end

For more information on BCrypt, check out my blog post about it.
act_like_restful_authentication will not change a thing; your users’ passwords will remain in the same format. From your database’s perspective, it will be as if you are using restful_authentication.
transition_from_restful_authentication starts changing your users’ passwords to the Authlogic password system that you specify with the :crypto_provider option. How does it do this? It’s simple: every time a user successfully logs in and their password is encrypted with the restful_authentication algorithm, it will update their password with the Authlogic algorithm. When a new account is created, it will use the Authlogic algorithm. This allows your user base to transition slowly while still being able to log in.
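The rehash-on-login flow described above, as an added sketch that is not Authlogic's own code. The LEGACY and TARGET lambdas, the User struct and the login helper are constructed stand-ins for the two digest schemes, chosen only to show the 40-character Sha1 value being replaced by a 128-character Sha512 value.

```ruby
require "digest"
require "securerandom"

# Constructed stand-ins for the old and new schemes (assumptions for this
# sketch, not the digest code of restful_authentication or Authlogic).
LEGACY = ->(password, salt) { Digest::SHA1.hexdigest("--#{salt}--#{password}--") }
TARGET = ->(password, salt) { Digest::SHA512.hexdigest("#{password}#{salt}") }

User = Struct.new(:login, :crypted_password, :salt)

# Length check first, then a byte-wise compare that does not exit early.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns :ok (already on the new scheme), :upgraded (legacy hash matched
# and was replaced) or :failed (no match, stored hash left untouched).
def login(user, password)
  if secure_equal?(user.crypted_password, TARGET.call(password, user.salt))
    :ok
  elsif secure_equal?(user.crypted_password, LEGACY.call(password, user.salt))
    # The plaintext is only available during a successful login, so this is
    # the one moment the stored hash can be rewritten with the new scheme.
    user.salt = SecureRandom.hex(32) # fresh salt is a choice of this sketch
    user.crypted_password = TARGET.call(password, user.salt)
    :upgraded
  else
    :failed
  end
end

# Constructed sample account that starts on the legacy scheme.
def demo
  salt = "a1b2c3"
  user = User.new("alice", LEGACY.call("s3cret", salt), salt)
  [login(user, "wrong"), user.crypted_password.length,
   login(user, "s3cret"), user.crypted_password.length,
   login(user, "s3cret")]
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

Accounts that never log in again keep their legacy hash, so the weaker digests stay in the table until those users return or their passwords are reset.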
That’s it. I’m not going to go into the Authlogic set up because I already have a tutorial on this.
Let me know what you think or if you have any questions.