开发者

Rails Devise: Don't check password salt when authenticating

开发者 https://www.devze.com 2023-03-16 18:18 出处：网络

I\'m migrating a PHP site over to Rails using Devise as the authentication method. The old site uses md5(salt + password) to authenticate users so I wrote a custom Devise encryptor as such:

相关专题：devise passwords ruby-on-rails ruby-on-rails-3

I'm migrating a PHP site over to Rails using Devise as the authentication method. The old site uses md5(salt + password) to authenticate users so I wrote a custom Devise encryptor as such:

module Devise
  module Encryptors
    class Md5 < Base
      def self.digest(password, stretches, pepper)
        Digest::MD5.hexdigest(password + 'the_salt_value')
      end
    end
  end
end

When I create a new user on the new site with the password "password", the hashed password matches the us开发者_Python百科er on the old site with the password "password", which is good. However, the values in the password_salt column, whose purpose I'm unclear on, are different and the user on the old site can't login with "password" when I migrate the database over.

What's the best way to deal with this problem? Is there a way to make Devise simply compare the values in the encrypted_password column when authenticating?