Search code examples
ruby-on-railsrubydeviseauthlogicscrypt

Rails (6.0.4.1): Migrating from Authlogic (6.4.1) that was using SCRYPT to Devise (4.8.1)


I was really hoping to allow existing users on our Rails app (6.0.4.1) that is currently using Authlogic (6.4.1) to be able to log in using existing passwords when we migrate to Devise (4.8.1).

Every article that I've seen has a nice explanation of how to do it IF the encryption is SHA-512. In those cases you modify config/initializers/devise.rb and setting config.encryptor = :authlogic_sha512 (source: https://gist.github.com/rpheath/8343779).

However, at some point our app moved from SHA-512 to SCRYPT by doing the following in order to transition users smoothly:

acts_as_authentic do |c|
    c.transition_from_crypto_providers = [Authlogic::CryptoProviders::Sha512]
    c.crypto_provider = Authlogic::CryptoProviders::SCrypt
end

The problem that I'm having now is that I don't know how to migrate to Devise properly in this use case. I do know that our Users table has (prior to Devise) a crypted_password and password_salt field. SCRYPT seems to have a lot more settings to configure.

Any help that you can provide is much appreciated. Thank you!


Solution

  • Per https://github.com/heartcombo/devise/issues/3779, use devise-scrypt.

    The common solution for this still seems to be using the devise-encryptors and devise-scrypt gems which means a number of additional of moving parts.

    Yes, Devise supports other encryptors via extensions, that's the way to go. -José Valim