I am working on a project where the live site is now using
Devise 1.0.6 with Rails 2.3.8.
There, its not using pepper (as this is switched off by default in 1.0.6 with sha1 as default I guess..(don't know what is default alg. in 1.0.6))
In my latest code, I have updated the devise version from its git repo, so my current snapshot of code uses
Devise 1.2.rc with Rails 3.0.1
Here in my current code, devise uses a default pepper value written in my devise.rb and it uses sha512 as its encryption algorithm I guess (don't know what is default alg. in 1.2.rc).
In both the old code and new code, in devise.rb, a custom alogirthm for encryption is not set. So devise uses its default encryption algorithms in live site( devise 1.0.6) and in my current latest code ( 1.2.rc)
I don't know which is the default encryption algorithm in Devise 1.0.6 and Devise 1.2.4c. Can you please tell me how to check this default algorithm.
Live site uses no pepper and my current code uses a default pepper given by Devise. which means that my old users will not be able to login if I start using the new default pepper give in 1.2.rc. How do I handle this. Shall I turn off the pepper option in my new code ? Please advise.
I could use the same devise version 1.0.6 but a lot of functionalities like open auth are available in the new devise version - so I am using the new one. Please advise on what to do.
thanks
Related
I want to migrate Rails 2 app to Rails 4. I have successfully migrated in Rails 3. Now I have a big problem with restful-authentication. It's not working for rails 4 so I need to migrate in devise but I don't want any changes with thousands of existing users.
Is it better to migrate in devise or is there some other alternative for restful-authentication?
restful_authentication is no longer being maintained so I recommend migrating to an alternative like devise. With a bit of configuration you can set up devise to work with the passwords that have been encrypted through restful_authentication. There's guide on their github page on how to do it: https://github.com/plataformatec/devise/wiki/How-To:-Migrate-from-restful_authentication-to-Devise
Part of our team is working to upgrade our large codebase from Rails 3.2 to 4.2.
Before that is finished, I'd already like to use ActiveSupport::MessageVerifier for a new feature. The release notes for 4.1 included them so I naturally assumed they were introduced in 4.1.
I was trying to estimate the effort of backporting ActiveSupport::MessageVerifier to Rails 3. Going through its history, I discovered that the original commit has been included in Rails core since 2.3.0.
Now I wonder:
Is it safe to use the message verifier shipped in 3.2 in production?
What's new in 4.1 is easy access to named verifiers that use secret_key_base. ActiveSupport::MessageVerifier has been used for signed cookies since 2.3.6 (here's the commit that added it) so I would definitely consider it production ready.
I am in the process of using the rails upgrade plugin (https://github.com/rails/rails_upgrade) to bring the application from 2.3.14 to 3.2. The plugin identified "restful_authentication" as something that needed to be replaced. After some research I decided to try to migrate to Devise.
I started looking at https://github.com/plataformatec/devise/wiki/How-To:-Migrate-from-restful_authentication-to-Devise, the issue I ran into is that these instructions are not meant for Rails 2.3.14.
I can figure out how to make most of it work for 2.3.14, but the biggest block I have ran into is that I am not sure which versions of Devise, Devise-encryptable and other gems to use. Is there an simple way to check?
Alliteratively am I making a mistake in trying to migrate to devise before I upgrade, should it be done the other way around?
Re: Is there a simple way to check? The short answer is no.
To know what Devise gems to use, just follow the directions in the devise wiki - you just need devise and devise-encryptable according to the wiki.
Re: Which one to do first: Whatever you decide to do, its a good idea to have a stable branch before attempting an upgrade. So either you a) upgrade Rails + get restful_auth working, or b) use Devise + upgrade Rails - just avoid trying to do both at the same time.
a) seems possible if you use https://github.com/Satish/restful-authentication . It's a fork of the original project, and neither are as active as Devise ( https://www.ruby-toolbox.com/categories/rails_authentication ). You may choose to upgrade your authentication system to devise anyway, which leads us to...
b) probably the road-more-travelled. You should be able to find plenty of (Rails 2.3) upgrade instructions for restful_authentication->Devise. Get your specs green, then attempt the Rails 3 upgrade.
I have an export of the users table from a Rails 3.0/Devise 1.1.8 app. I would like to seed these into a Rails 3.1/Devise 2.0 app. I imported that data via CSV and configured Devise with the same pepper value as the old app, however users are not able to log in. Bcrypt is/was used in both cases.
I think what I'm missing is that Devise 1 stored the salt in a separate field, but 2.0 puts it in the encrypted password string. Is there a way to migrate my data into the new app properly?
The best idea is to follow this: https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0, which basically recommends that you upgrade to 1.5 first, then upgrade all the way to 2.0. I think its pretty straight forward from that wiki explanation.
So I followed the railscast tutorial (http://railscasts.com/episodes/170-openid-with-authlogic) and used the old version of the plugin from Ryan's git file. I can now successfuly create/register a user using OpenID (Google), but I cannot log in with this user. When I submit the OpenID that has been registered, I get "uninitialized constant Rack::OpenID". Any ideas?
Thanks!
I would suggest trying the latest version of the plugin, or the gem.
Things change quick in rails, and old code can break with new versions of rails.
I would suggest trying Devise, it is easier for integrate OpenId, Facebook, Tweeter ...
https://github.com/plataformatec/devise