Hi!

I'm currently working on a Rails app which stores plain clear-text passwords (...). So I'm migrating to Authlogic authentication with 'standard' SHA512 encryption.

I did this, which works fine:

#file /models/user.rb
class User < ActiveRecord::Base

  # Passwords stored by any provider in this list are still accepted; after a
  # successful login Authlogic re-hashes them with the current crypto provider
  # (SHA512 by default).
  acts_as_authentic { |c|
    c.transition_from_crypto_providers = [MyOwnNoCrypto, Authlogic::CryptoProviders::Sha512]
  }
end

#file /lib/my_own_no_crypto.rb
# "Provider" for the legacy rows: the stored value is the plaintext itself.
class MyOwnNoCrypto
  # The "hash" of the password is the password (the salt token is nil here).
  def self.encrypt(*tokens)
    return tokens[0] # or tokens.join I guess
  end

  # A legacy row matches when the stored value equals the submitted password.
  def self.matches?(crypted_password, *tokens)
    return crypted_password == tokens.join
  end
end

It's nice -- and works just fine -- but I wonder if there is a sexier way to do that, perhaps with an Authlogic core option?

Thanks!

+1  A: 

Personally I would write a migration to migrate all the plaintext passwords into encrypted ones. You may benefit from defining your own bare-bones Model in the migration to allow nice low-level access.

thomasfedb
+1  A: 

I agree with the part of thomasfedb's answer that suggests a one-time transition rather than using Authlogic's transition model. In this case, you want to encrypt those passwords as soon as possible, not the next time the user signs in. Instead of a Rake task, though, I might suggest a migration:

# in db/migrate/nnnnnnnn_encrypt_passwords.rb:

class EncryptPasswords < ActiveRecord::Migration
  def self.up
    add_column :users, :crypted_password, :string
    add_column :users, :password_salt, :string   # Authlogic stores a per-user salt next to the hash
    User.reset_column_information                # make the new columns visible to the model

    # Hash every stored plaintext password; find_each loads rows in batches.
    # encrypt_password! is assumed to be defined on User (set the Authlogic
    # password from the plaintext column and save the row).
    User.find_each do |u|
      u.encrypt_password!
    end

    remove_column :users, :password
  end

  def self.down
    raise ActiveRecord::IrreversibleMigration, 'Cannot decrypt user passwords'
  end
end
James A. Rosen
Wow! super nice! Thanks a lot.
Clément
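Both approaches discussed in this thread, as one added stand-alone Ruby example (this is not code from the question, the answers, or Authlogic): the on-login transition the question sets up with transition_from_crypto_providers, and the one-time re-hash over every row that the two answers recommend. The users table is modelled as an array of hashes so it runs without a database; SaltedSha512 is written here in the token-join style of Authlogic's providers, and its stretch count of 20, the 16-byte hex salt, and the function names rehash!, authenticate_and_transition and migrate_all! are assumptions, not Authlogic's own.

```ruby
require 'digest/sha2'
require 'securerandom'

# Legacy "provider": the column holds the plaintext itself, mirroring the
# question's MyOwnNoCrypto (salt is nil for these rows, so join == password).
module LegacyPlaintext
  def self.encrypt(*tokens)
    tokens.join
  end

  def self.matches?(crypted, *tokens)
    crypted == tokens.join
  end
end

# Current scheme: salted, stretched SHA-512 in the token-join style used by
# Authlogic providers. The stretch count is an assumption, not Authlogic's setting.
module SaltedSha512
  STRETCHES = 20

  def self.encrypt(*tokens)
    digest = tokens.flatten.join
    STRETCHES.times { digest = Digest::SHA512.hexdigest(digest) }
    digest
  end

  def self.matches?(crypted, *tokens)
    secure_compare(crypted, encrypt(*tokens))
  end

  # Constant-time comparison: a mismatch takes the same time regardless of
  # where the two strings first differ.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) } == 0
  end
end

# Oldest provider first; the last entry is the scheme every row should end up in.
PROVIDERS = [LegacyPlaintext, SaltedSha512]

# Constructed sample "users table": plaintext rows as the question describes.
USERS = [
  { :login => 'alice', :crypted_password => 'hunter2',       :password_salt => nil },
  { :login => 'bob',   :crypted_password => 'correct horse', :password_salt => nil },
]

# Replace a row's stored credential with a fresh salt and the current hash.
def rehash!(user, password)
  user[:password_salt]    = SecureRandom.hex(16)
  user[:crypted_password] = SaltedSha512.encrypt(password, user[:password_salt])
  user
end

# What transition_from_crypto_providers does at sign-in: try each provider in
# turn and, if a legacy one matched, upgrade the row now that the plaintext is known.
def authenticate_and_transition(user, password)
  matched = PROVIDERS.find do |provider|
    provider.matches?(user[:crypted_password], password, user[:password_salt])
  end
  return false unless matched
  rehash!(user, password) unless matched == PROVIDERS.last
  true
end

# The answers' alternative: one pass over every row. No login is needed
# because the plaintext is already in the column; rows that already carry a
# salt have been migrated and are left alone.
def migrate_all!(users)
  users.each do |user|
    next if user[:password_salt]
    rehash!(user, user[:crypted_password])
  end
  users
end

if __FILE__ == $0
  table = USERS.map(&:dup)
  migrate_all!(table)
  table.each { |u| puts "#{u[:login]}: #{u[:crypted_password][0, 16]}... salt=#{u[:password_salt]}" }
  puts "alice login: #{authenticate_and_transition(table[0], 'hunter2')}"
end
```

The difference between the two paths is only when rehash! runs: on the login path a plaintext row stays on disk until that user next signs in (and a user who never returns is never upgraded), while migrate_all! clears every plaintext row in one pass, which is the point the answers make.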