Migrating from homegrown auth. to RESTful Authentication

I’m trying to port an existing, homegrown authentication system to use
RESTful Authentication (and then RoleRequirement on top of that).

I am concerned about how best to handle the existing user data in my
users table so that legacy (pre-RESTful Auth) users can log in.

I already have an existing users table with salt and hashed versions of
passwords, so I’m assuming that I will simply have to have a way to
detect which user records are pre-existing and ensure that I run the MD5
against them the “legacy” way.

Obviously, all new user records end up with the RESTful Auth. hashing
method applied to their passwords.

I’m looking for advice from anyone who has had to do this type of
conversion before.

Thanks,
Wes

If you are happy with the security of your original hashing then you
could just patch restful auth to use your existing technique.

2009/4/1 Wes G.:

> I’m looking for advice from anyone who has had to do this type of
> conversion before.
>
> Thanks,
> Wes

One way could be to allow users to reset the password by requesting a
token sent by email, so that everybody will be forced to update their
passwords. You’ll have to make it super clear so that users won’t get
upset seeing they can’t log in anymore.
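
The approach from the original question, detecting legacy records and checking them the legacy way, as an added example (not code from this thread or from the RESTful Authentication plugin). It goes one step further and re-hashes a legacy record at the first successful login. Assumptions: the `scheme` marker column, the `PasswordMigration` module, MD5(salt + password) as the legacy format, and a salted SHA1 digest standing in for the plugin's own.

```ruby
require 'digest/md5'
require 'digest/sha1'
require 'securerandom'

# Constructed stand-in for a users row; `scheme` is a hypothetical marker column.
User = Struct.new(:login, :salt, :crypted_password, :scheme)

module PasswordMigration
  # Assumption: the legacy system stored MD5(salt + password).
  def self.legacy_digest(salt, password)
    Digest::MD5.hexdigest("#{salt}#{password}")
  end

  # Stand-in for the new scheme (salted SHA1); swap in the plugin's own digest method.
  def self.new_digest(salt, password)
    Digest::SHA1.hexdigest("--#{salt}--#{password}--")
  end

  # Compare digests without returning early at the first differing byte.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Returns :ok, :upgraded (legacy record verified and re-hashed) or :denied.
  def self.authenticate(user, password)
    if user.scheme == 'legacy_md5'
      expected = legacy_digest(user.salt, password)
      return :denied unless secure_equal?(expected, user.crypted_password)
      # The plaintext is only available at login, so re-hash under the new scheme now.
      user.salt = SecureRandom.hex(20)
      user.crypted_password = new_digest(user.salt, password)
      user.scheme = 'restful_auth'
      :upgraded
    else
      secure_equal?(new_digest(user.salt, password), user.crypted_password) ? :ok : :denied
    end
  end
end

# Constructed sample record, as it would look before the migration.
LEGACY_USER = User.new('wes', 'abc123',
                       PasswordMigration.legacy_digest('abc123', 's3cret'), 'legacy_md5')
```

In a Rails model the same branch would sit in the authentication method and be followed by a save; records that never log in stay on the legacy scheme until they do.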