A number of Rails 2.3 apps are using Restful Authentication but that plugin seems to have some issues with Rails 3. In upgrading to Rails 3 I have been using Devise. Is there any way to smoothly transition from Restful Authentication to Devise? Has anyone done a migration that shows how to update the User model?
Here is a good guide on migration from restful_authentication to devise
https://github.com/plataformatec/devise/wiki/How-To:-Migrate-from-restful_authentication-to-Devise
Reason for edit: prior link took folks to a blank page.
I updated my application from Restful Authentication to Devise already. Here is my migration:
class AlterUsersForDevise < ActiveRecord::Migration
def self.up
remove_column :users, :name
change_column :users, :email, :string, :default => "", :null => false, :limit => 128
rename_column :users, :crypted_password, :encrypted_password
change_column :users, :encrypted_password, :string, :limit => 128, :default => "", :null => false
rename_column :users, :salt, :password_salt
change_column :users, :password_salt, :string, :default => "", :null => false, :limit => 255
add_column :users, :reset_password_token, :string
change_column :users, :remember_token, :string, :limit => 255
rename_column :users, :remember_token_expires_at, :remember_created_at
add_column :users, :sign_in_count, :integer, :default => 0
add_column :users, :current_sign_in_at, :datetime
add_column :users, :last_sign_in_at, :datetime
add_column :users, :current_sign_in_ip, :string
add_column :users, :last_sign_in_ip, :string
rename_column :users, :activation_code, :confirmation_token
change_column :users, :confirmation_token, :string, :limit => 255
rename_column :users, :activated_at, :confirmed_at
add_column :users, :confirmation_sent_at, :datetime
end
def self.down
add_column :users, :name, :string, :limit => 100, :default => ""
rename_column :users, :encrypted_password, :crypted_password
change_column :users, :crypted_password, :string, :limit => 40
rename_column :users, :password_salt, :salt
change_column :users, :salt, :string, :limit => 40
remove_column :users, :reset_password_token
change_column :users, :remember_token, :string, :limit => 40
rename_column :users, :remember_created_at, :remember_token_expires_at
remove_column :users, :sign_in_count
remove_column :users, :current_sign_in_at
remove_column :users, :last_sign_in_at
remove_column :users, :current_sign_in_ip
remove_column :users, :last_sign_in_ip
rename_column :users, :confirmation_token, :activation_code
change_column :users, :confirmation_token, :string, :limit => 40
rename_column :users, :confirmed_at, :activated_at
remove_column :users, :confirmation_sent_at
end
end
My application isn't live so far. So i use the password encryption from Devise instead the one from Restful Authorization. If you application is already alive, and you have active users you should configure Devise to use SHA1 from Restful Authentication to en- and decrypt passwords. Otherwise all your users must request a new password.
You can configure this in the devise initializer.
Hope that helps...
Here's how to overcome the password problem:
You need to make a custom encryptor like so:
# /config/initializers/devise_encryptor.rb
require "digest/sha1"
module Devise
module Encryptors
class OldRestfulAuthentication < Base
def self.digest(password, stretches, salt, pepper)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
end
end
end
And then choose it in devise.rb like so:
config.encryptor = :old_restful_authentication
That should do it!
I was having problems with the password encryption (but I found the answer, see my other response). The old app used an old version of Restful Authentication. It was handling the password encryption like so:
# before filter
def encrypt_password
return if password.blank?
self.salt = Digest::SHA1.hexdigest("--#{Time.now.to_s}--#{login}--") if new_record?
self.crypted_password = encrypt(password)
end
# Encrypts some data with the salt.
def self.encrypt(password, salt)
Digest::SHA1.hexdigest("--#{salt}--#{password}--")
end
# Encrypts the password with the user salt
def encrypt(password)
self.class.encrypt(password, salt)
end
If I set Devise's config.encryptor to :restful_authentication_sha1 it doesn't work.
In my case it works (analized authentication.rb and by_password.rb in old gem restful_authentication):
config/initializers/devise.rb add this:
config.encryptor = :restful_authentication
config.stretches = 10 #REST_AUTH_DIGEST_STRETCHES frome Restful Authentication file config/initializers/site_key.rb
config.pepper = 'mashauronilavrechkumyachik' #REST_AUTH_SITE_KEY frome Restful Authentication file config/initializers/site_key.rb
app/models/user.rb add :encryptable
devise :database_authenticatable, :registerable,
:recoverable, :rememberable, :trackable, :validatable,
:encryptable, :omniauthable, :authentication_keys => [:login]
config/initializers/devise_encryptor.rb create with this this:
# -*- encoding : utf-8 -*-
require "digest/sha1"
module Devise
module Encryptable
module Encryptors
class RestfulAuthentication < Base
def self.digest(password, stretches, salt, pepper)
digest = pepper
stretches.times do
digest = secure_digest(digest, salt, password, pepper)
end
digest
end
def self.secure_digest(*args)
Digest::SHA1.hexdigest(args.flatten.join('--'))
end
def self.encrypt_password
return if password.blank?
self.password_salt = make_token if new_record?
self.encrypted_password = encrypt(password)
end
def self.make_token
secure_digest(Time.now, (1..10).map{ rand.to_s })
end
def self.encrypt(password)
self.password_digest(password, stretches, salt, pepper)
end
end
end
end
end
Related
I'm getting the following error when trying to use the :confirmable module of Devise:
NameError (undefined local variable or method `confirmed_at' for #<AdminUser:0x007f27841d0f30>)
My model:
class AdminUser < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable,:recoverable, :rememberable, :trackable, :validatable, :confirmable
after_create { |admin| admin.send_reset_password_instructions }
def password_required?
new_record? ? false : super
end
end
I want to send a confirmation email when AdminUser is created.
It is not enough to merely add the :confirmable option in the model, you'll also need to add the columns required by Devise into your database table.
Assuming you are using a model AdminUser:
class AddConfirmableToDevise < ActiveRecord::Migration
def self.up
add_column :admin_users, :confirmation_token, :string
add_column :admin_users, :confirmed_at, :datetime
add_column :admin_users, :confirmation_sent_at, :datetime
add_column :admin_users, :unconfirmed_email, :string
add_index :admin_users, :confirmation_token, :unique => true
end
def self.down
remove_index :admin_users, :confirmation_token
remove_column :admin_users, :unconfirmed_email
remove_column :admin_users, :confirmation_sent_at
remove_column :admin_users, :confirmed_at
remove_column :admin_users, :confirmation_token
end
end
Simply run the command:
rails g migration add_confirmable_to_devise
db/migrate/YYYYMMDDxxx_add_confirmable_to_devise.rb
class AddConfirmableToDevise < ActiveRecord::Migration
# Note: You can't use change, as User.update_all will fail in the down migration
def up
add_column :users, :confirmation_token, :string
add_column :users, :confirmed_at, :datetime
add_column :users, :confirmation_sent_at, :datetime
add_index :users, :confirmation_token, unique: true
execute("UPDATE users SET confirmed_at = NOW()")
end
def down
remove_columns :users, :confirmation_token, :confirmed_at, :confirmation_sent_at
end
end
For further reference devise
You put :confirmable in your AdminUser model. So you need to have columns for confirmable functions including confirmed_at.
You should have a migration file which Devise generated. In that file, you need to remove comment out for confirmable columns including created_at.
I have a migration that give me an error:
class DeviseTokenAuthCreateUsers < ActiveRecord::Migration
def change
unless column_exists? :users, :provider
add_column :users, :provider, :null => false
end
unless column_exists? :users, :uid
add_column :users, :uid, :null => false, :default => "email"
end
unless column_exists? :users, :tokens
add_column :users, :tokens, :text
end
User.reset_column_information
User.all.each{|u| u.save! }
add_index :users, [:uid, :provider], :unique => true
end
end
The error is:
undefined method `to_sym' for {:null=>false}:Hash/Users/scrivoaroby/.rvm/gems/ruby-2.0.0-p481/gems/activerecord-4.1.9/lib/active_record/connection_adapters/abstract/schema_definitions.rb:311:in `add_column'
My rails version is 4.1.9
Any idea?
The third argument for add_column should be the datatype. Instead of something like:
add_column :users, :provider, :null => false
You'll want something like this, with whatever datatype is appropriate for your columns:
add_column :users, :provider, :string, :null => false
This will also need to be done for the :uid column.
Is possible to update database data inside a migration?
I have this migration:
class FixTokenAuth < ActiveRecord::Migration
def change
unless column_exists? :users, :provider
add_column :users, :provider, :null => false
end
unless column_exists? :users, :uid
add_column :users, :uid, :null => false, :default => ""
end
unless column_exists? :users, :tokens
add_column :users, :tokens, :text
end
end
end
And I have also to add indexes
add_index :users, [:uid, :provider], :unique => true
Of course the migration fail: uid is "" per default and it can't be unique.
After the creation of the column I need to execute a block on my User model:
User.all.each{|u|
u.provider = "email"
u.save!
}
Doing this 'uid' field is filled by data.
Is possible to add something to a migration?
The migration is just plain ruby code, which gets executed, so the best thing you could do is change the change method into up and down. In these methods you can safely write your updating code after the add_columnstatements.
I have followed the steps in https://github.com/plataformatec/devise/wiki/How-To%3a-Add-%3aconfirmable-to-Users however I receive the error: NameError in Devise::RegistrationsController#create undefined local variable or method `confirmed_at' for # when i submit the signup form. How would I go about creating a confirmation email with the devise gem in Ruby on Rails 4? As well as what other requirements are needed? Here is what my code currently looks like:
class User < ActiveRecord::Base
# Include default devise modules. Others available are:
# :confirmable, :lockable, :timeoutable and :omniauthable
devise :database_authenticatable, :registerable, :confirmable,
:recoverable, :rememberable, :trackable, :validatable
has_many :pins
validates :name, presence: true
validates :email, format: { with: /\A([^#\s]+)#((?:[-a-z0-9]+\.)+edu)\z/ }
end
class AddConfirmableToDevise < ActiveRecord::Migration
def change
change_table(:users) do |t|
t.confirmable
end
add_index :users, :confirmation_token, :unique => true
end
def self.up
add_column :users, :confirmation_token, :string
add_column :users, :confirmed_at, :datetime
add_column :users, :confirmation_sent_at, :datetime
# add_column :users, :unconfirmed_email, :string # Only if using reconfirmable
add_index :users, :confirmation_token, :unique => true
# User.reset_column_information # Need for some types of updates, but not for update_all.
# To avoid a short time window between running the migration and updating all existing
# users as confirmed, do the following
User.update_all(:confirmed_at => Time.now)
# All existing user accounts should be able to log in after this.
end
def self.down
remove_columns :users, :confirmation_token, :confirmed_at, :confirmation_sent_at
# remove_columns :users, :unconfirmed_email # Only if using reconfirmable
end
end
Did you make the necessary migrations to add confirmable module to User?
Devise Confirmable Wiki
Edit: I edited your Rails migration to this:
class AddConfirmableToDevise < ActiveRecord::Migration
def up
add_column :users, :confirmation_token, :string
add_column :users, :confirmed_at, :datetime
add_column :users, :confirmation_sent_at, :datetime
# add_column :users, :unconfirmed_email, :string # Only if using reconfirmable
add_index :users, :confirmation_token, :unique => true
# User.reset_column_information # Need for some types of updates, but not for update_all.
# To avoid a short time window between running the migration and updating all existing
# users as confirmed, do the following
User.update_all(:confirmed_at => Time.now)
# All existing user accounts should be able to log in after this.
end
def down
remove_columns :users, :confirmation_token, :confirmed_at, :confirmation_sent_at
# remove_columns :users, :unconfirmed_email # Only if using reconfirmable
end
end
I have a User and an Admin role in my project. I created my authentication with Devise.
In my admin role I don't have any confirmation. In my User model I have the following:
devise :database_authenticatable, :confirmable, :recoverable,
:rememberable, :trackable, :validatable, :timeoutable, :registerable
# Setup accessible (or protected) attributes for your model
attr_accessible :email, :username, :prename, :surname, :phone, :street, :number, :location,
:password, :password_confirmation
My migration looks like:
class DeviseCreateUsers < ActiveRecord::Migration
def self.up
create_table(:users) do |t|
t.database_authenticatable :null => false
t.confirmable
t.recoverable
t.rememberable
t.trackable
t.timeoutable
t.validateable
t.string :username
t.string :prename
t.string :surname
t.string :phone
t.string :street
t.integer :number
t.string :location
t.timestamps
end
add_index :users, :email, :unique => true
add_index :users, :confirmation_token, :unique => true
add_index :users, :reset_password_token, :unique => true
add_index :users, :username, :unique => true
add_index :users, :prename, :unique => false
add_index :users, :surname, :unique => false
add_index :users, :phone, :unique => false
add_index :users, :street, :unique => false
add_index :users, :number, :unique => false
add_index :users, :location, :unique => false
end
def self.down
drop_table :users
end
end
In my routes.rb I added following statements:
map.devise_for :admins
map.devise_for :users, :path_names => { :sign_up => "register", :sign_in => "login" }
map.root :controller => "main"
After user registration I am redirected to the controller main with the flash notice, "You have signed up successfully," and I am logged in. But I don´t want to be logged in, because I have not confirmed my new user account yet.
If I open the console I see in the logs the confirmation mail text, but I am already logged in. I can´t explain why. Does anyone have an idea?
If I copy out the confirmation-token from the logs and confirm my account, I can log in, but if I don´t confirm, I also can log in.
In config/initializers/devise.rb there is a line to set the amount of time a user has to confirm before they're locked out.
config.confirm_within = 2.days
If you set that to 0, you should get the desired outcome.