将现有的密码哈希转换为设计 [英] Converting existing password hash to Devise

问题描述

我正在尝试将现有的 Admin 模型转换为 Devise.我们已经有了一个密码哈希，但它显然与 Devise 不兼容.我想做的是接受登录表单并根据加密密码检查提供的密码.如果不正确，使用旧的哈希值检查密码，如果匹配，则清空旧的password_hash 字段并将Devise 的密码设置为提供的密码并保存模型.

I'm trying to convert an existing Admin model to Devise. We already have a password hash but it's obviously not Devise compatible. What I would like to do is accept the login form and check the provided password against the encrypted password. If it's not correct, use the old hash to check the password and if it matches, empty the old password_hash field and set Devise's password to the provided password and save the model.

前进的最佳方式是什么?我怀疑我需要覆盖一些东西，也许是在自定义控制器中，但我不完全确定如何继续.

What's the best way to move forward? I suspect that I need to override something, perhaps in a custom controller, but I'm not entirely sure how to proceed.

推荐答案

你可以让 Devise 完成使用新的 crypt 方案加密密码的艰苦工作"，如 https://gist.github.com/1704632:

You can let Devise do the "hard work" of encrypting the password with the new crypt scheme, as shown in https://gist.github.com/1704632:

class User < ActiveRecord::Base
  alias :devise_valid_password? :valid_password?

  def valid_password?(password)
    begin
      super(password)
    rescue BCrypt::Errors::InvalidHash
      return false unless Digest::SHA1.hexdigest(password) == encrypted_password
      logger.info "User #{email} is using the old password hashing method, updating attribute."
      self.password = password
      true
    end
  end
end

这篇关于将现有的密码哈希转换为设计的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！