I am planning to upgrade my Rails application from 2.3.5 to 4.1.

In the old version of Rails, bcrypt-ruby had two fields (hashed_password, salt).

Now, in the latest version of Rails, we have only a single field called password_digest.

Now I need to upgrade existing users' passwords from hashed_password and salt to the password_digest field.

So is there any process or algorithm for migrating existing user passwords?

Example:

1) hashed_password: d83894e27821bd43eeb7a0001037329e1ddfe28a
2) salt: 701260468044000.6918523640121411

Now we need to change to:

3) password_digest: 666699d998933300.6918d83894e2782e1ddfe28a

Now if the user logs in with his password, it should allow him to log in.

Note: I am not using any authentication gems like authlogic or devise. I am using plain Rails authentication using bcrypt-ruby.

user3801644

1 Answer

You can use BCrypt directly to upgrade existing pass_hash and salt:

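require 'bcrypt'
# hash_secret needs a bcrypt-format salt; anything else raises BCrypt::Errors::InvalidSalt.
def migrate_password(hashed_password, salt)
  BCrypt::Password.new(BCrypt::Engine.hash_secret(hashed_password, salt))
end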

You would use it like:

# The salt is passed as a string; a bare numeric literal would be parsed as a Float.
salt = "701260468044000.6918523640121411"
secret = "d83894e27821bd43eeb7a0001037329e1ddfe28a"
password_digest = migrate_password(secret, salt)
doug
  • You can use has_secure_password in Rails 4.1 as it uses BCrypt. Here's a link to an example of its usage: http://stackoverflow.com/questions/22451633/using-has-secure-password-on-a-rails-4-app – doug Jul 03 '14 at 18:49