rails authentication: authlogic to devise

Are you using Authlogic for authentication in your Rails application and now want to switch to Devise?

Overview of Authlogic:

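  require 'digest'

  user = User.find_by_email('test2@endpoint.com')
  actual_password = "password"
  # Authlogic hashes the password concatenated with the per-user salt...
  digest = "#{actual_password}#{user.salt}"
  # ...and re-hashes the hex digest once per stretch (20 by default)
  20.times { digest = Digest::SHA512.hexdigest(digest) }
  # compare digest and user.crypted_password here to verify password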

Note that the stretches value for Authlogic defaults to 20, but it can be adjusted. Also note that Authlogic uses the SHA-512 hash function by default.
For the password, it adds ‘password_hash’ and ‘password_salt’ columns to store the hashed password and its salt.

Devise: Devise uses the ‘bcrypt’ algorithm by default and has an ‘encrypted_password’ column.

Now the challenge was to migrate old users with their passwords, so that they can log in with their existing email and password.

It is fairly easy with the following steps:

1. Have a look at the Devise documentation. Devise provides detailed documentation with proper steps and examples.
Devise Doc

2. In your gemfile

  gem 'devise',              '~> 3.2.4'
  gem 'devise-encryptable',  '~> 0.2.0'
  # Require the `devise-encryptable` gem when using anything other than bcrypt

3. From command-line

  rails generate devise:install

The generator will install an initializer which describes ALL of Devise’s configuration options.

4. For devise views:

  rails generate devise:views

5. In your config/initializers/devise.rb
To retain the old users with their login credentials (email and passwords) we will use the encryption algorithm ‘authlogic_sha512’

  config.stretches = 20
  config.encryptor = :authlogic_sha512

6. Migration for users to have Devise authentication with the ‘authlogic_sha512’ algorithm.
Here we will rename password_hash -> encrypted_password and a few other columns.

class AuthlogicToDevise < ActiveRecord::Migration
  def self.up
    add_column :users, :reset_password_token, :string
    add_column :users, :reset_password_sent_at, :datetime
    add_column :users, :remember_token, :string
    add_column :users, :remember_created_at, :datetime
    add_column :users, :authentication_token, :string
    add_column :users, :confirmation_token, :string, limit: 255
    add_column :users, :confirmed_at, :timestamp
    add_column :users, :confirmation_sent_at, :timestamp
    
    execute "UPDATE users SET confirmed_at = created_at, confirmation_sent_at = created_at"

    rename_column :users, :password_hash, :encrypted_password
    rename_column :users, :current_login_at, :current_sign_in_at
    rename_column :users, :last_login_at, :last_sign_in_at
    rename_column :users, :current_login_ip, :current_sign_in_ip
    rename_column :users, :last_login_ip, :last_sign_in_ip
    rename_column :users, :login_count, :sign_in_count

    remove_column :users, :persistence_token
    remove_column :users, :single_access_token
    remove_column :users, :perishable_token
    remove_column :users, :last_request_at
  end

  def self.down
    add_column :users, :perishable_token, :string
    add_column :users, :single_access_token, :string
    add_column :users, :persistence_token, :string
    add_column :users, :last_request_at, :timestamp

    rename_column :users, :encrypted_password, :password_hash
    rename_column :users, :current_sign_in_at, :current_login_at
    rename_column :users, :last_sign_in_at, :last_login_at
    rename_column :users, :current_sign_in_ip, :current_login_ip
    rename_column :users, :last_sign_in_ip, :last_login_ip
    rename_column :users, :sign_in_count, :login_count

    remove_column :users, :confirmation_token
    remove_column :users, :confirmed_at
    remove_column :users, :confirmation_sent_at
    remove_column :users, :authentication_token
    remove_column :users, :remember_created_at
    remove_column :users, :remember_token
    remove_column :users, :reset_password_sent_at
    remove_column :users, :reset_password_token
  end
end

7. Configure your user model by including the modules you want, such as Database Authenticatable, Confirmable, Rememberable etc., and add validations if required.
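
A quick check for step 5, as an added example that is not part of the original post or of the Devise/Authlogic code: it re-implements the digest scheme from the overview in plain Ruby and shows that a migrated row only authenticates when the stretches value matches the one Authlogic used. The sample row, salt, the value 10, and the helper names (`authlogic_sha512_digest`, `legacy_password_valid?`, `migration_report`) are constructed for illustration.

```ruby
require 'digest'

# Re-implementation of the scheme from the overview above:
# password + salt, hashed `stretches` times, re-hashing the hex string.
def authlogic_sha512_digest(password, salt, stretches)
  digest = "#{password}#{salt}"
  stretches.times { digest = Digest::SHA512.hexdigest(digest) }
  digest
end

# Constant-time comparison, so the check does not reveal how many
# leading characters of the stored digest matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Hypothetical helper: would this migrated row still authenticate?
def legacy_password_valid?(row, candidate, stretches)
  expected = authlogic_sha512_digest(candidate, row[:password_salt], stretches)
  secure_compare(row[:encrypted_password], expected)
end

# Constructed sample row, shaped like the users table after the migration
# (password_hash renamed to encrypted_password, password_salt kept).
SAMPLE_SALT = 'x9Fq2LmZr7TbKc4Wd0Hs'
SAMPLE_ROW = {
  email: 'test2@endpoint.com',
  password_salt: SAMPLE_SALT,
  encrypted_password: authlogic_sha512_digest('password', SAMPLE_SALT, 20)
}.freeze

def migration_report(row)
  {
    correct_password_20_stretches: legacy_password_valid?(row, 'password', 20),
    wrong_password_20_stretches: legacy_password_valid?(row, 'passw0rd', 20),
    # Same password, but a stretches value that differs from Authlogic's
    correct_password_10_stretches: legacy_password_valid?(row, 'password', 10)
  }
end

puts migration_report(SAMPLE_ROW) if __FILE__ == $PROGRAM_NAME
```

If the last entry were the configuration in production, every existing user would be locked out even with the right password, which is why `config.stretches` has to match the value Authlogic was running with.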

That’s it 🙂

Feel free to comment with your doubts or any suggestions.. Thanks.. 🙂
