views:

313

answers:

1

I've previously implemented Authlogic for authorization on my site. Now however I wish to switch over to using Devise instead, and I'm wondering if anyone has any experience with this. Perhaps anyone's seen a blog post on the subject?

Thank you.

+5  A: 

I myself switched from Authlogic to Devise recently and also didn't find any articles. However, in the simple case, once you've thrown away all of your user_session and other authlogic-related code, the main piece of work is converting your old users table to the format expected by devise.

My old table looked like this:

      Column       |           Type           |                     Modifiers                      
-------------------+--------------------------+----------------------------------------------------
 id                | integer                  | not null default nextval('users_id_seq'::regclass)
 login             | character varying(256)   | not null
 password          | character varying(64)    | not null
 created_at        | timestamp with time zone | not null
 updated_at        | timestamp with time zone | not null
 persistence_token | character varying(255)   | not null
Indexes:
    "users_pkey" PRIMARY KEY, btree (id)
    "index_users_on_persistence_token" UNIQUE, btree (persistence_token)
    "users_login_key" UNIQUE, btree (login)

and I determined that the table would have to contain at least the following info for devise (with many optional features enabled):

 id                   | integer                     | not null default nextval('contributors_id_seq'::regclass)
 email                | character varying(255)      | not null default ''::character varying
 encrypted_password   | character varying(128)      | not null default ''::character varying
 password_salt        | character varying(255)      | not null default ''::character varying
 confirmation_token   | character varying(255)      | 
 confirmed_at         | timestamp without time zone | 
 confirmation_sent_at | timestamp without time zone | 
 reset_password_token | character varying(255)      | 
 remember_token       | character varying(255)      | 
 remember_created_at  | timestamp without time zone | 
 sign_in_count        | integer                     | default 0
 current_sign_in_at   | timestamp without time zone | 
 last_sign_in_at      | timestamp without time zone | 
 current_sign_in_ip   | character varying(255)      | 
 last_sign_in_ip      | character varying(255)      | 
 failed_attempts      | integer                     | default 0
 unlock_token         | character varying(255)      | 
 locked_at            | timestamp without time zone | 
 created_at           | timestamp without time zone | 
 updated_at           | timestamp without time zone | 

So here's the "up" migration code I ended up using (with PostgreSQL):

add_column :users, :email, :string, :limit => 255
execute "UPDATE users SET email = login || '@somedomain.net'"
execute "ALTER TABLE users ALTER email SET NOT NULL"

add_column :users, :encrypted_password, :string, :limit => 128
add_column :users, :password_salt, :string, :limit => 255

require 'devise/encryptors/bcrypt'
ConversionUser.find(:all).each do |u|
  password_salt = Devise::Encryptors::Bcrypt.salt(Devise.stretches)
  u.update_attributes!(:password_salt => password_salt,
                       :encrypted_password => Devise::Encryptors::Bcrypt.digest(u.password, Devise.stretches, password_salt, Devise.pepper))
end

add_column :users, :confirmation_token, :string, :limit => 255
add_column :users, :confirmed_at, :timestamp
add_column :users, :confirmation_sent_at, :timestamp
execute "UPDATE users SET confirmed_at = created_at, confirmation_sent_at = created_at"
add_column :users, :reset_password_token, :string, :limit => 255

add_column :users, :remember_token, :string, :limit => 255
add_column :users, :remember_created_at, :timestamp
add_column :users, :sign_in_count, :integer, :default => 0
add_column :users, :current_sign_in_at, :timestamp
add_column :users, :last_sign_in_at, :timestamp
add_column :users, :current_sign_in_ip, :string, :limit => 255
add_column :users, :last_sign_in_ip, :string, :limit => 255

add_column :users, :failed_attempts, :integer, :default => 0
add_column :users, :unlock_token, :string, :limit => 255
add_column :users, :locked_at, :timestamp

remove_column :users, :password
remove_column :users, :persistence_token

add_index :users, :email,                :unique => true
add_index :users, :confirmation_token,   :unique => true
add_index :users, :reset_password_token, :unique => true
add_index :users, :unlock_token,         :unique => true

Note that here I've converted a plain password column into a bcrypt-encrypted column for Devise -- if you've used encrypted passwords with Authlogic, then you'll probably want to just rename the column (if necessary) and choose the correct encryptor module in config/initializers/devise.rb.

For reference, the "devise" clause in my User model looks like this:

devise :database_authenticatable, :registerable, :recoverable,
  :rememberable, :trackable, :validatable, :confirmable, :lockable,
  :timeoutable, :authentication_keys => [ :login ]

Note that overriding :authentication_keys like this so that users sign in with their login rather than their email address required me to modify some of the devise views: rails generate devise:views, then edit the files.

Hope this helps a bit. Good luck!

sanityinc
Excellent answer! Thank you!
Erik
Just what I was looking for. Thanks!
jspooner