Forum: Ruby on Rails Migrating from homegrown auth. to RESTful Authentication

Wes G. (Guest)
on 2009-04-02 01:36
I'm trying to port an existing, home grown authentication system to use
RESTful Authentication (and then RoleRequirement on top of that).

I am concerned about how best to handle the existing user data in my
users table so that legacy (pre-RESTful Auth users) can log in.

I already have an existing users table with salt and hashed versions of
passwords, so I'm assuming that I will simply have to have a way to
detect which user records are pre-existing and ensure that I run the MD5
against them the "legacy" way.

Obviously, all new user records end up with the RESTful Auth. hashing
method applied to their passwords.

I'm looking for advice from anyone who has had to do this type of
conversion before.

Thanks,
Wes
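
An added example (not part of the original thread, and not code from the RESTful Authentication plugin) of the approach described in the post above: mark pre-existing rows, verify them the legacy way, and re-hash with the new scheme on the first successful login. The `:scheme` column, the `salt + password` MD5 formula, and the SHA1 stand-in for the new digest are all assumptions to be replaced with the application's real ones.

```ruby
require 'digest'
require 'securerandom'

# Assumption: the legacy scheme is MD5 over salt + password; substitute the
# application's real legacy formula.
def legacy_digest(password, salt)
  Digest::MD5.hexdigest("#{salt}#{password}")
end

# Stand-in for the new scheme's digest (assumption, not the plugin's own code).
def new_digest(password, salt)
  Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end

# Constant-time comparison so the check does not leak how many characters matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# user is a Hash with :salt, :crypted_password and :scheme ("legacy" or "new").
# The :scheme column is hypothetical; a migration would add it with the value
# "legacy" for every pre-existing row.
# Returns true on success and upgrades a legacy row in place.
def authenticate(user, password)
  if user[:scheme] == 'legacy'
    expected = legacy_digest(password, user[:salt])
    return false unless secure_equal?(expected, user[:crypted_password])
    # The plaintext is only available at login, so re-hash with the new scheme now.
    user[:salt] = SecureRandom.hex(20)
    user[:crypted_password] = new_digest(password, user[:salt])
    user[:scheme] = 'new'
    true
  else
    secure_equal?(new_digest(password, user[:salt]), user[:crypted_password])
  end
end

# Constructed sample record standing in for a pre-migration users row.
def sample_legacy_user
  { login: 'wes', salt: 'abc123', scheme: 'legacy',
    crypted_password: legacy_digest('s3cret', 'abc123') }
end
```

Rows still marked `legacy` after a chosen cutoff belong to users who have not logged in since the migration.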
Colin L. (Guest)
on 2009-04-02 11:39
(Received via mailing list)
If you are happy with the security of your original hashing then you
could just patch restful auth to use your existing technique.

Fernando P. (Guest)
on 2009-04-02 16:34
> I'm looking for advice from anyone who has had to do this type of
> conversion before.
>
> Thanks,
> Wes

One way could be to allow users to reset the password by requesting a
token sent by email, so that everybody will be forced to update their
passwords. You'll have to make it super clear so that users won't get
upset seeing they can't log in anymore.