从Restful身份验证迁移到Devise

时间:2011-01-11 11:32:51

标签: ruby-on-rails authentication

许多Rails 2.3应用程序正在使用Restful Authentication,但该插件似乎与Rails 3有一些问题。在升级到Rails 3时,我一直在使用Devise。有没有办法从Restful Authentication顺利过渡到Devise?有没有人做过迁移,显示如何更新用户模型?

5 个答案:

答案 0 :(得分:15)

这是从restful_authentication到devise

的迁移的一个很好的指南

https://github.com/plataformatec/devise/wiki/How-To:-Migrate-from-restful_authentication-to-Devise

编辑原因:之前的链接将人们带到空白页面。

答案 1 :(得分:14)

我已将我的应用程序从Restful Authentication更新为Devise。这是我的迁移:

class AlterUsersForDevise < ActiveRecord::Migration
  def self.up
    remove_column :users, :name
    change_column :users, :email, :string, :default => "", :null => false, :limit => 128
    rename_column :users, :crypted_password, :encrypted_password
    change_column :users, :encrypted_password, :string, :limit => 128, :default => "", :null => false
    rename_column :users, :salt, :password_salt
    change_column :users, :password_salt, :string, :default => "", :null => false, :limit => 255
    add_column :users, :reset_password_token, :string
    change_column :users, :remember_token, :string, :limit => 255
    rename_column :users, :remember_token_expires_at, :remember_created_at

    add_column :users, :sign_in_count, :integer, :default => 0
    add_column :users, :current_sign_in_at, :datetime
    add_column :users, :last_sign_in_at, :datetime
    add_column :users, :current_sign_in_ip, :string
    add_column :users, :last_sign_in_ip, :string

    rename_column :users, :activation_code, :confirmation_token
    change_column :users, :confirmation_token, :string, :limit => 255
    rename_column :users, :activated_at, :confirmed_at

    add_column :users, :confirmation_sent_at, :datetime
  end

  def self.down
    add_column :users, :name, :string, :limit => 100, :default => ""
    rename_column :users, :encrypted_password, :crypted_password
    change_column :users, :crypted_password, :string, :limit => 40
    rename_column :users, :password_salt, :salt
    change_column :users, :salt, :string, :limit => 40
    remove_column :users, :reset_password_token
    change_column :users, :remember_token, :string, :limit => 40
    rename_column :users, :remember_created_at, :remember_token_expires_at

    remove_column :users, :sign_in_count
    remove_column :users, :current_sign_in_at
    remove_column :users, :last_sign_in_at
    remove_column :users, :current_sign_in_ip
    remove_column :users, :last_sign_in_ip

    rename_column :users, :confirmation_token, :activation_code
    change_column :users, :confirmation_token, :string, :limit => 40
    rename_column :users, :confirmed_at, :activated_at

    remove_column :users, :confirmation_sent_at
  end
end

到目前为止我的申请还没有上线。所以我使用Devise的密码加密而不是Restful Authorization的加密。如果您的应用程序已处于活动状态,并且您有活动用户,则应配置Devise以使用Restful Authentication中的SHA1来解密和解密密码。否则,您的所有用户都必须申请新密码。

您可以在设计初始化程序中配置它。

希望有帮助...

答案 2 :(得分:11)

以下是如何克服密码问题:

你需要像这样制作一个自定义加密器:

# /config/initializers/devise_encryptor.rb
require "digest/sha1"  

module Devise
  module Encryptors
    class OldRestfulAuthentication < Base
      def self.digest(password, stretches, salt, pepper)
        Digest::SHA1.hexdigest("--#{salt}--#{password}--")
      end
    end
  end
end

然后在devise.rb中选择它,如下所示:

config.encryptor = :old_restful_authentication

应该这样做!

答案 3 :(得分:2)

我遇到了密码加密问题(但我找到了答案,请参阅我的其他回复)。旧的应用程序使用旧版本的Restful Authentication。它正在处理密码加密:

# before filter
def encrypt_password
  return if password.blank?
  self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
  self.crypted_password = encrypt(password)
end

# Encrypts some data with the salt.
def self.encrypt(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Encrypts the password with the user salt
def encrypt(password)
  self.class.encrypt(password, salt)
end

如果我将Devise的config.encryptor设置为:restful_authentication_sha1则不起作用。

答案 4 :(得分:1)

在我的情况下,它可以工作(在旧gem restful_authentication 中分析 authentication.rb by_password.rb ):

config / initializers / devise.rb 添加:

config.encryptor = :restful_authentication
config.stretches = 10 #REST_AUTH_DIGEST_STRETCHES frome Restful Authentication file config/initializers/site_key.rb
config.pepper = 'mashauronilavrechkumyachik' #REST_AUTH_SITE_KEY frome Restful Authentication file config/initializers/site_key.rb

app / models / user.rb add:encryptable 

devise :database_authenticatable, :registerable,
       :recoverable, :rememberable, :trackable, :validatable,
       :encryptable, :omniauthable, :authentication_keys => [:login]

config / initializers / devise_encryptor.rb 用此创建:

# -*- encoding : utf-8 -*-
require "digest/sha1"

module Devise
  module Encryptable
    module Encryptors
      class RestfulAuthentication < Base

        def self.digest(password, stretches, salt, pepper)
          digest = pepper
          stretches.times do
            digest = secure_digest(digest, salt, password, pepper)
          end
          digest
        end

        def self.secure_digest(*args)
          Digest::SHA1.hexdigest(args.flatten.join('--'))
        end

        def self.encrypt_password
          return if password.blank?
          self.password_salt = make_token if new_record?
          self.encrypted_password = encrypt(password)
        end

        def self.make_token
          secure_digest(Time.now, (1..10).map{ rand.to_s })
        end

        def self.encrypt(password)
          self.password_digest(password, stretches, salt, pepper)
        end
      end
    end
   end
end
相关问题
最新问题