andresgutgon · January 8, 2012 13:28
diff --git a/user.rb b/user.rb
    # Because we have some old legacy users in the database, we need to override Devises method for checking if a password is valid.
    # We first ask Devise if the password is valid, and if it throws an InvalidHash exception, we know that we're dealing with a
    # legacy user, so we check the password against the SHA1 algorithm that was used to hash the password in the old database.  
    #SOURCES OF SOLUTION:
    # http://stackoverflow.com/questions/6113375/converting-existing-password-hash-to-devise
    # https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/crypto_providers/sha512.rb
    # https://github.com/plataformatec/devise/blob/master/lib/devise/encryptors/authlogic_sha512.rb
    
    alias :devise_valid_password? :valid_password?
    def valid_password?(password)
      debugger
      begin
        devise_valid_password?(password)
      rescue BCrypt::Errors::InvalidHash   
        stretches = 20         
        digest  = [password, self.password_salt].flatten.join('')
        stretches.times {digest = Digest::SHA512.hexdigest(digest)}
        if digest == self.encrypted_password   
          #Here update old Authlogic SHA512 Password with new Devise ByCrypt password
          # SOURCE: https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb
          # Digests the password using bcrypt.
          # Default strategy for Devise is BCrypt
          # def password_digest(password)
          #   ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
          # end                  
          self.encrypted_password = self.password_digest(password) 
          self.save
          return true
        else
          # If not BCryt password and not old Authlogic SHA512 password Dosn't my user
          return false
        end
      end
    end
	# Because we have some old legacy users in the database, we need to override Devises method for checking if a password is valid.
	# We first ask Devise if the password is valid, and if it throws an InvalidHash exception, we know that we're dealing with a
	# legacy user, so we check the password against the SHA1 algorithm that was used to hash the password in the old database.
	#SOURCES OF SOLUTION:
	# http://stackoverflow.com/questions/6113375/converting-existing-password-hash-to-devise
	# https://github.com/binarylogic/authlogic/blob/master/lib/authlogic/crypto_providers/sha512.rb
	# https://github.com/plataformatec/devise/blob/master/lib/devise/encryptors/authlogic_sha512.rb

	alias :devise_valid_password? :valid_password?
	def valid_password?(password)
	debugger
	begin
	devise_valid_password?(password)
	rescue BCrypt::Errors::InvalidHash
	stretches = 20
	digest = [password, self.password_salt].flatten.join('')
	stretches.times {digest = Digest::SHA512.hexdigest(digest)}
	if digest == self.encrypted_password
	#Here update old Authlogic SHA512 Password with new Devise ByCrypt password
	# SOURCE: https://github.com/plataformatec/devise/blob/master/lib/devise/models/database_authenticatable.rb
	# Digests the password using bcrypt.
	# Default strategy for Devise is BCrypt
	# def password_digest(password)
	# ::BCrypt::Password.create("#{password}#{self.class.pepper}", :cost => self.class.stretches).to_s
	# end
	self.encrypted_password = self.password_digest(password)
	self.save
	return true
	else
	# If not BCryt password and not old Authlogic SHA512 password Dosn't my user
	return false
	end
	end
	end