I've been working on a project where I inherited a database with over 9,000 users. The passwords are stored as an MD5 hash, with no salt. For obvious reasons, I wanted to transition the old authentication scheme and architecture over to authlogic. This post by Ben Johnson pointed me in the right direction.
The problem I ran into was that the column where the hashed passwords are stored was not one of the default authlogic fields (:crypted_password, :encrypted_password, :password_hash, or :pw_hash). Making this work with a non-default legacy column name was simple. Just tell authlogic what the crypted_password_field is:

```ruby
class User < ActiveRecord::Base
  acts_as_authentic do |c|
    c.crypted_password_field = :hashed_password # my legacy password column
    c.transition_from_crypto_providers = Authlogic::CryptoProviders::MD5 # old password encryption scheme
  end
end
```
Now, as users log in, they will be migrated to the new scheme transparently. I didn't specify what I want the new encryption scheme to be, so authlogic will use the CryptoProviders::Sha512 scheme. Simple.
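The login-time upgrade described above, modeled in plain Ruby as an added example (it is not code from the original post and not authlogic's own implementation). The `password_salt` field, the 20-round stretch and the sample users are assumptions made for the illustration; `legacy_accounts` shows which rows still hold an unsalted MD5 hash because their owner has not logged in since the switch.

```ruby
require "digest"
require "securerandom"

# Stand-ins written for this example; they are not authlogic's classes.
LEGACY = ->(password, _salt) { Digest::MD5.hexdigest(password) } # unsalted MD5
ROUNDS = 20 # assumed stretch count for the illustration
CURRENT = lambda do |password, salt|
  digest = password + salt
  ROUNDS.times { digest = Digest::SHA512.hexdigest(digest) }
  digest
end

# hashed_password is the legacy column from the post; password_salt is assumed.
User = Struct.new(:login, :hashed_password, :password_salt)

# Compare digests without short-circuiting on the first differing byte.
def same_digest?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True on a correct password. A match against the legacy hash re-hashes the
# submitted password under the current scheme, so the MD5 value is overwritten.
def authenticate(user, attempt)
  if user.password_salt
    return same_digest?(CURRENT.call(attempt, user.password_salt), user.hashed_password)
  end
  return false unless same_digest?(LEGACY.call(attempt, nil), user.hashed_password)
  user.password_salt = SecureRandom.hex(16)
  user.hashed_password = CURRENT.call(attempt, user.password_salt)
  true
end

# Rows not yet upgraded still hold a 32-character MD5 hex digest;
# upgraded rows hold 128-character SHA-512 hex.
def legacy_accounts(users)
  users.select { |u| u.hashed_password.length == 32 }
end

# Constructed sample rows, as they would look in the inherited table.
def sample_users
  [User.new("alice", Digest::MD5.hexdigest("correct horse"), nil),
   User.new("bob", Digest::MD5.hexdigest("hunter2"), nil)]
end

if __FILE__ == $PROGRAM_NAME
  users = sample_users
  authenticate(users[0], "correct horse")
  puts "still on MD5: #{legacy_accounts(users).map(&:login).join(', ')}"
end
```

Running a count like `legacy_accounts` against the real table over time shows how many of the inherited accounts are still protected only by the old hash.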
See also: Module: Authlogic::ActsAsAuthentic::Password::Config