I am using a custom-made Devise controller.
I moved from PHP to Rails, so old users' passwords are stored in the
Devise:user table in the form of
"devise_encryption(oldencryption(password))".

If a user logs in and the app finds out that this user's password is in
the form of "devise_encryption(oldencryption(password))", I then change it
into the form of "devise_encryption(password)" with password =
params[:user][:password].

I am getting the error below when an old user tries to log in. (New users
who registered after the site migration log in just fine.)
---------------------------------------------------------------------------
The change you wanted was rejected.
Maybe you tried to change something you didn't have access to.
---------------------------------------------------------------------------
The simple process is:
STEP 1. Do the normal login attempt (find user with email & password) as
Devise does, and if authentication fails, go to step 2.
STEP 2. A helper function will do a login attempt with my old password
encryption style (md5 for example), and look for the user.
STEP 3. If the user is found (user with
email & devise_encryption(oldencryption(password))), change the @user's
password to devise_encryption(params[:user][:password]), which was just
passed in with the Devise password.

Below is the custom Devise controller that I am using.
The custom controller looks like this:

def create
  resource = warden.authenticate!(:scope => resource_name, :recall => "oldusercheck") # calling oldusercheck helper function
  set_flash_message(:notice, :signed_in)
  sign_in_and_redirect(resource_name, resource)
end

def oldusercheck
  @user = User.find_by_email(params[:user][:email])
  if @user.nil?
    set_flash_message(:alert, :invalid)
    redirect_to :action => 'new'
  else
    if @user.valid_password?(Digest::MD5.hexdigest(params[:user][:password])) # Authenticates against Devise
      @user.password = @user.password_confirmation = params[:user][:password] # Save the password with given param
      @user.save! # Encrypts the password with Devise
      set_flash_message(:notice, :signed_in)
      sign_in_and_redirect(resource_name, @user)
    else
      set_flash_message(:alert, :invalid)
      redirect_to :action => 'new'
    end
  end
end

I think the problem is caused by these lines (I don't know if the lines
below actually cause the problem):

  @user.password = @user.password_confirmation = params[:user][:password] # Save the password with given param
  @user.save! # Encrypts the password with Devise

Is this not a correct way to change the password?
It's weird that things work just fine in Development, but do not work
well in Production.
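
Added example, not part of the original post: the upgrade-on-login flow from STEP 1 to STEP 3 in plain Ruby. PBKDF2 from the standard library stands in for Devise's encryptor, and the Account struct, its legacy flag and the sample accounts are assumptions constructed for illustration. Because the flag decides which check runs, an unmigrated account accepts only the real password, not its MD5 digest.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Stand-in for Devise's encryptor (bcrypt by default): PBKDF2 from the Ruby
# standard library, so the example has no gem dependencies.
ITERATIONS = 20_000 # constructed demo value

def strong_hash(secret, salt = SecureRandom.hex(16))
  key = OpenSSL::KDF.pbkdf2_hmac(secret, salt: salt, iterations: ITERATIONS,
                                 length: 32, hash: "sha256")
  "#{salt}$#{key.unpack1('H*')}"
end

def strong_verify(secret, stored)
  expected = strong_hash(secret, stored.split("$", 2).first.to_s)
  return false unless expected.bytesize == stored.bytesize
  # Constant-time comparison: OR together the XOR of every byte pair.
  expected.bytes.zip(stored.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical user record; `legacy` marks rows imported from the PHP site,
# whose stored value is strong_hash(md5(password)).
Account = Struct.new(:email, :encrypted_password, :legacy)

# Returns the account on success, nil on failure. A legacy row is upgraded
# in place on its first successful login.
def authenticate(accounts, email, password)
  account = accounts[email]
  if account.nil?
    strong_hash(password) # spend comparable time for unknown emails
    return nil
  end
  candidate = account.legacy ? Digest::MD5.hexdigest(password) : password
  return nil unless strong_verify(candidate, account.encrypted_password)
  if account.legacy
    account.encrypted_password = strong_hash(password) # drop the MD5 layer
    account.legacy = false
  end
  account
end

# Constructed sample data: one imported user, one registered after migration.
ACCOUNTS = {
  "old@example.test" => Account.new("old@example.test",
                                    strong_hash(Digest::MD5.hexdigest("hunter2")), true),
  "new@example.test" => Account.new("new@example.test", strong_hash("s3cret"), false)
}
```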