Tutorial: Easily migrate from restful_authentication to Authlogic

I’ve been getting a lot of emails asking about the best way to migrate from restful_authentication. Where it gets complicated is the password hashing: Authlogic and restful_authentication use different algorithms. You don’t want to simply switch algorithms, because that breaks backwards compatibility with your current passwords, meaning no one will be able to log into their account. Fear not, because I did all of the hard work for you…

Use the same password algorithm as restful_authentication

# app/models/user.rb
class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.act_like_restful_authentication = true
  end
end

Transition to one of Authlogic’s password algorithms

The first thing you need to do is make sure your database fields “crypted_password” and “salt” allow for the storage of at least 128 characters (assuming you are migrating to Sha512). restful_authentication uses Sha1, which produces 40 characters. If you are limiting the size, you need to create a migration that looks similar to this:

change_column :users, :crypted_password, :string, :limit => 128,
  :null => false, :default => ""

change_column :users, :salt, :string, :limit => 128,
  :null => false, :default => ""

Now just tell acts_as_authentic what you are doing:

# app/models/user.rb
class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.transition_from_restful_authentication = true
  end
end

You can also specify which password algorithm to transition to. By default Authlogic uses the Sha512 algorithm, but let’s say you wanted to transition to the BCrypt algorithm. No problem:

# app/models/user.rb
class User < ActiveRecord::Base
  # Same block-style configuration as the examples above
  acts_as_authentic do |c|
    c.transition_from_restful_authentication = true
    c.crypto_provider = Authlogic::CryptoProviders::BCrypt
  end
end

For more information on BCrypt, check out my blog post about it.

What’s the difference?

act_like_restful_authentication will not change a thing; your users’ passwords will remain in the same format. From your database’s perspective, it will be as if you are using restful_authentication.

transition_from_restful_authentication starts converting your users’ passwords to the Authlogic password algorithm that you specify with the crypto_provider option. How does it do this? It’s simple: every time a user successfully logs in and their password is still hashed with the restful_authentication algorithm, it updates their password using the Authlogic algorithm. When a new account is created, it uses the Authlogic algorithm. This lets your user base transition gradually while everyone is still able to log in.
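The login-time upgrade described above, sketched in plain Ruby as an added example (not Authlogic's or restful_authentication's own code). The two digest functions are simplified stand-ins for the old and new formats, and `User`, `login`, `column_limit`, `pending_migration` and `sample_users` are hypothetical names.

```ruby
require "digest"
require "securerandom"
# Constructed stand-in for a users table row (not an ActiveRecord model).
User = Struct.new(:login, :crypted_password, :salt)

# Assumed legacy format: one salted SHA-1 pass, 40 hex characters.
def legacy_sha1(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Assumed target format: salted SHA-512, iterated, 128 hex characters.
def stretched_sha512(password, salt, stretches = 20)
  (1..stretches).reduce(password + salt) { |d, _| Digest::SHA512.hexdigest(d) }
end

# Compare digests without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# The stored digest's length tells the two formats apart.
def legacy_hash?(user)
  user.crypted_password.length == 40
end

# A correct password on a legacy row is re-hashed; a wrong one changes nothing.
def login(user, password, column_limit: 128)
  stored = user.crypted_password
  return secure_equal?(stretched_sha512(password, user.salt), stored) unless legacy_hash?(user)
  return false unless secure_equal?(legacy_sha1(password, user.salt), stored)
  salt = SecureRandom.hex(32)
  digest = stretched_sha512(password, salt)
  # A column narrower than the digest would store a truncated, unusable hash.
  raise ArgumentError, "crypted_password column too narrow" if digest.length > column_limit
  user.salt, user.crypted_password = salt, digest
  true
end

# Rows still in the legacy format: users who have not logged in since the switch.
def pending_migration(users)
  users.count { |u| legacy_hash?(u) }
end

# Constructed sample rows, both still carrying legacy digests.
def sample_users
  [User.new("alice", legacy_sha1("s3cret", "na"), "na"), User.new("bob", legacy_sha1("hunter2", "cl"), "cl")]
end
```

Counting the rows that are still 40 characters long shows how far the transition has progressed, and the width check fails loudly where a too-narrow column would otherwise store a hash nobody can log in with.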

That’s it. I’m not going to go into the Authlogic set up because I already have a tutorial on this.

Let me know what you think or if you have any questions.


9 Responses to “Tutorial: Easily migrate from restful_authentication to Authlogic”

  1. Dmitry says:

    nice, but plugin is not i18n compatible..

  2. Ben Johnson says:

    Yes it is….

  3. Jacek Becela says:

    Thanks for the tutorial, following it now ;)

  4. Brian Johnson says:

    I’m a little confused on this, I made the changes, but I’m still not able to login. What DB changes need to be made? The tutorial makes it sound like it just uses everything as-is, if that’s the case, then I’ll try to figure out what I’m doing wrong.

  5. Ben Johnson says:

    If you notice, in the tutorial, it mentions migrating your db so that your columns allow for long enough strings. If you are migrating to a new algorithm I would just remove the limit altogether. If you are acting like restful authentication then nothing needs to change.

  6. David Baldwin says:

    Awesome plugin Ben. Do you think it would be worth it to make a check and throw an error if the crypted_pw and salt db columns do not allow the necessary amount of characters? Otherwise it’s not terribly difficult to generate an unusable truncated Sha512 password. I also suppose it’s not terribly difficult to read the directions. :)

  7. Kevin says:

    Is there a way to know which accounts have been updated? Then I’ll know when everybody is switched over…

  8. Raphael says:

    While migrating from restful_auth to authlogic I’m trying to find how to handle nicely the generation of password for new user (I know it’s not secure to send it by email but I’m not working on sensitive data ;-). How would you handle this?

  9. IdahoEV says:

    It would be great if there were a migration pathway for test and specs as well. restful_authentication has the helper "login_as" which takes either a person/user model or a symbol identifying a person/user fixture.

    Not having this in authlogic makes migrating specs and tests – especially those that use fixtures instead of mocks – a tremendous load of work.