From 220ed6c7914f5977d36b7617e9c38999317f57e5 Mon Sep 17 00:00:00 2001 From: erdgeist Date: Thu, 16 Jul 2026 19:45:42 +0200 Subject: Implement transparent password hash migration Add has_secure_password and bcrypt while retaining compatibility with legacy SHA-1 password hashes. Existing users are upgraded to password_digest on their next successful login. Add regression tests covering both legacy and modern authentication paths. --- lib/authentication.rb | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/authentication.rb b/lib/authentication.rb index 4a3ad46..56df391 100644 --- a/lib/authentication.rb +++ b/lib/authentication.rb @@ -46,7 +46,6 @@ module Authentication include ModelInstanceMethods # Virtual attribute for the unencrypted password - attr_accessor :password validates_presence_of :password, :if => :password_required? validates_presence_of :password_confirmation, :if => :password_required? validates_confirmation_of :password, :if => :password_required? @@ -85,16 +84,19 @@ module Authentication self.class.password_digest(password, salt) end - def authenticated?(password) + def authenticate_legacy(password) crypted_password == encrypt(password) end - + # before filter def encrypt_password return if password.blank? - self.salt = self.class.make_token if new_record? + return if password_digest.present? + + self.salt ||= self.class.make_token self.crypted_password = encrypt(password) end + def password_required? crypted_password.blank? || !password.blank? end -- cgit v1.3