Devise is causing the [The change you wanted was rejected.] Error

I am using a custom-made Devise controller.
I moved from PHP to Rails, so old users' passwords are stored in the
Devise:user table in the form
“devise_encryption(oldencryption(password))”.
If a user logs in and the app finds that this user’s password is in
the form “devise_encryption(oldencryption(password))”, I then change it
to the form “devise_encryption(password)” with password =
params[:user][:password].

I am getting the error below when an old user tries to log in. (New users
who registered after the site migration log in just fine.)


The change you wanted was rejected.

Maybe you tried to change something you didn’t have access to.

The simple process is:
STEP 1. Do the normal login attempt (find the user with email & password) as Devise does, and if authentication fails, go to step 2.
STEP 2. A helper function does a login attempt with my old password encryption style (md5 for example) and looks for the user.
STEP 3. If the user is found (user with email & devise_encryption(oldencryption(password))), change the @user’s password to devise_encryption(params[:user][:password]), which was just passed in with the Devise password.

Below is the custom devise controller that I am using.

The custom controller looks like this

    def create
      # calling oldusercheck helper function
      resource = warden.authenticate!(:scope => resource_name, :recall => "oldusercheck")
      set_flash_message(:notice, :signed_in)
      sign_in_and_redirect(resource_name, resource)
    end

    def oldusercheck
      @user = User.find_by_email(params[:user][:email])
      if @user.nil?
        set_flash_message(:alert, :invalid)
        redirect_to :action => 'new'
      else
        if @user.valid_password?(Digest::MD5.hexdigest(params[:user][:password])) # Authenticates against Devise
          @user.password = @user.password_confirmation = params[:user][:password] # Save the password with given param
          @user.save! # Encrypts the password with Devise
          set_flash_message(:notice, :signed_in)
          sign_in_and_redirect(resource_name, @user)
        else
          set_flash_message(:alert, :invalid)
          redirect_to :action => 'new'
        end
      end
    end

I think the problem is caused by the lines … (I don’t know if the lines
below actually cause the problem…)

    @user.password = @user.password_confirmation = params[:user][:password] # Save the password with given param
    @user.save! # Encrypts the password with Devise

Is this not a correct way to change the password?
It's weird that things work just fine in Development but do not work
well in Production.
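
The three login steps from the post, as an added stand-alone Ruby example (not the poster's code and not Devise's API): `SlowHash`, `DemoUser`, `login`, the sample accounts and the 8-character minimum are assumptions made for illustration, and PBKDF2 from the standard library stands in for Devise's bcrypt. Step 3 uses a non-raising save and reports a rejected password change as a return value, where `save!` would raise on a validation failure.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Stand-in for Devise's password hashing (assumption: PBKDF2 from the stdlib
# instead of Devise's bcrypt, so the example has no gem dependencies).
module SlowHash
  def self.derive(secret, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(secret, salt, 10_000, 32, OpenSSL::Digest.new("SHA256")).unpack1("H*")
  end

  def self.create(secret)
    salt = SecureRandom.hex(16)
    "#{salt}$#{derive(secret, salt)}"
  end

  # Recompute with the stored salt and compare in constant time.
  def self.match?(stored, secret)
    salt, hex = stored.to_s.split("$", 2)
    return false if salt.nil? || hex.nil?
    calc = derive(secret, salt)
    return false unless calc.bytesize == hex.bytesize
    calc.bytes.zip(hex.bytes).reduce(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
  end
end

# Hypothetical in-memory user. save_password returns false (like ActiveRecord's
# save, unlike save!) when the constructed validation rule rejects the password.
DemoUser = Struct.new(:email, :encrypted_password) do
  def save_password(plain, min_length: 8)
    return false if plain.length < min_length
    self.encrypted_password = SlowHash.create(plain)
    true
  end
end

# Returns :ok, :upgraded, :upgrade_deferred or :invalid; never raises.
def login(user, password)
  return :invalid if user.nil? || password.to_s.empty?
  return :ok if SlowHash.match?(user.encrypted_password, password)        # STEP 1
  legacy = Digest::MD5.hexdigest(password)                                # STEP 2
  return :invalid unless SlowHash.match?(user.encrypted_password, legacy)
  user.save_password(password) ? :upgraded : :upgrade_deferred            # STEP 3
end

# Constructed sample accounts, stored as slow_hash(md5(password)) like migrated users.
OLD = DemoUser.new("old@example.test", SlowHash.create(Digest::MD5.hexdigest("correct horse")))
SHORT = DemoUser.new("short@example.test", SlowHash.create(Digest::MD5.hexdigest("abc")))
```

A caller that gets `:upgrade_deferred` can still sign the user in and prompt for a new password, rather than letting the request fail.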