Reputation: 25
I have a User model with email (in this case a registry number) and an encrypted_password, with 700 records; it was generated by Devise.
It looks like this:
Number encrypted_password
345 76576545672
I used this solution to convert this password from a string format to a valid BCrypt hash, but I'm getting this error:
Started POST "/users/sign_in" for ::1 at 2017-03-01 16:23:47 -0300
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"VnOD8783DV191j0CnruEdhDeF15SQjJEW6ilCeJxFRoZqaBuu6PtgRtfpyHeqE43KD6ra9c3e6BLitcltt2qng==", "user"=>{"email"=>"5262", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (4.0ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = '5262' ORDER BY `users`.`id` ASC LIMIT 1
Completed 500 Internal Server Error in 16ms (ActiveRecord: 4.0ms)
TypeError (no implicit conversion of nil into String):
app/models/user.rb:13:in `digest'
app/models/user.rb:13:in `hexdigest'
app/models/user.rb:13:in `rescue in valid_password?'
app/models/user.rb:10:in `valid_password?'
User Model
    class User < ApplicationRecord
      # Include default devise modules. Others available are:
      # :confirmable, :lockable, :timeoutable and :omniauthable
      devise :database_authenticatable, :registerable,
             :recoverable, :rememberable, :trackable, :validatable
      alias :devise_valid_password? :valid_password?
      def valid_password?(encrypted_password)
        begin
          super(encrypted_password)
        rescue BCrypt::Errors::InvalidHash
          return false unless Digest::SHA1.hexdigest(password) == encrypted_password
          logger.info "User #{email} is using the old password hashing method, updating attribute."
          self.encrypted_password = encrypted_password
          true
        end
      end
    end
Asking this question is my last attempt to solve it. Thanks for any help!
EDIT
I used this:
    return false unless Digest::SHA1.hexdigest(:password.to_s) == encrypted_password
but I received this error and was redirected to the login page:
Started POST "/users/sign_in" for ::1 at 2017-03-01 17:01:10 -0300
Processing by Devise::SessionsController#create as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"+Gk/T1r1k1zHiLIXFCupiTxOudwcx1lLAQOiS6W7teiU54UUAvB6AvpmZ+LfXBpyiPbq9Z20IZ8bIyZdWqCx8g==", "user"=>{"email"=>"5262", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
User Load (4.0ms) SELECT `users`.* FROM `users` WHERE `users`.`email` = '5262' ORDER BY `users`.`id` ASC LIMIT 1
Completed 401 Unauthorized in 40ms (ActiveRecord: 4.0ms)
Processing by Devise::SessionsController#new as HTML
Parameters: {"utf8"=>"✓", "authenticity_token"=>"+Gk/T1r1k1zHiLIXFCupiTxOudwcx1lLAQOiS6W7teiU54UUAvB6AvpmZ+LfXBpyiPbq9Z20IZ8bIyZdWqCx8g==", "user"=>{"email"=>"5262", "password"=>"[FILTERED]", "remember_me"=>"0"}, "commit"=>"Log in"}
Rendering C:/Ruby23/lib/ruby/gems/2.3.0/gems/devise-4.2.0/app/views/devise/sessions/new.html.erb within layouts/application
Rendered C:/Ruby23/lib/ruby/gems/2.3.0/gems/devise-4.2.0/app/views/devise/shared/_links.html.erb (8.0ms)
Rendered C:/Ruby23/lib/ruby/gems/2.3.0/gems/devise-4.2.0/app/views/devise/sessions/new.html.erb within layouts/application (184.1ms)
Rendered shared-templates/_header.html.erb (8.0ms)
Completed 200 OK in 1963ms (Views: 1627.1ms | ActiveRecord: 0.0ms)
Upvotes: 1
Views: 625
Reputation: 5345
Try this:
    def valid_password?(input_password)
      begin
        super(input_password)
      rescue BCrypt::Errors::InvalidHash
        return false unless Digest::SHA1.hexdigest(input_password) == encrypted_password
        logger.info "User #{email} is using the old password hashing method, updating attribute."
        self.password = input_password
        true
      end
    end
If you manually hash all your old passwords with bcrypt, you can do this instead:
    def valid_password?(password)
      begin
        super(password)
      rescue BCrypt::Errors::InvalidHash
        super(Digest::SHA1.hexdigest(password))
      end
    end
Upvotes: 1
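The verify-then-upgrade flow discussed above, as an added example that is not part of the original posts and is not Devise's code. It runs outside Rails, uses stdlib PBKDF2 as a labelled stand-in for bcrypt so no gems are needed, picks the verifier by stored-hash format instead of rescuing `BCrypt::Errors::InvalidHash`, and compares in constant time; `LegacyUser`, `modern_hash`, `secure_equal?` and `verify_and_upgrade` are hypothetical names.

```ruby
require 'digest'
require 'openssl'
require 'securerandom'

# Assumption: PBKDF2 from the stdlib stands in for bcrypt so this runs without gems.
ITERATIONS = 100_000 # demo value, an assumption
LegacyUser = Struct.new(:email, :encrypted_password) # hypothetical stand-in for the model

# Constant-time comparison, so the check does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Salted, slow hash in a self-describing "pbkdf2$salt$hex" format (format is an assumption).
def modern_hash(password, salt = SecureRandom.hex(16))
  dk = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
  "pbkdf2$#{salt}$#{dk.unpack1('H*')}"
end

# Returns :ok, :upgraded or :rejected. The caller persists the record on :upgraded.
def verify_and_upgrade(user, input_password)
  # Hash only the submitted string; Digest::SHA1.hexdigest(nil) raises TypeError.
  return :rejected unless input_password.is_a?(String) && !input_password.empty?

  stored = user.encrypted_password.to_s
  if stored.start_with?('pbkdf2$')
    salt = stored.split('$')[1].to_s
    return secure_equal?(modern_hash(input_password, salt), stored) ? :ok : :rejected
  end

  # Legacy rows: unsalted SHA-1 hex, as compared in the thread's code.
  return :rejected unless stored.match?(/\A\h{40}\z/)
  return :rejected unless secure_equal?(Digest::SHA1.hexdigest(input_password), stored)

  # Correct legacy password: replace the weak hash while the plaintext is in hand.
  user.encrypted_password = modern_hash(input_password)
  :upgraded
end

# Constructed sample record and password.
user = LegacyUser.new('5262', Digest::SHA1.hexdigest('constructed-pass'))
p verify_and_upgrade(user, nil)
p verify_and_upgrade(user, 'constructed-pass')
p verify_and_upgrade(user, 'constructed-pass')
```

In a Rails model the `:upgraded` branch would also need to save the record, otherwise the legacy SHA-1 value stays in the database after the request ends.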