舞命小丢

舞命小丢的技术Blog

Use Devise on Legacy Database Width Md5

| Comments

建议使用deivse 2.1,并且添加devise-encryptable

1
2
3
# Gemfile
gem 'devise', '~> 2.1'
gem 'devise-encryptable'

实现自己的加密方式,我是使用的是md5:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
# lib/devise/encryptable/encryptors/md5.rb
require 'digest/md5'

module Devise
  module Encryptable
    module Encryptors
      class Md5 < Base
        def self.digest(password, stretches, salt, pepper)
          str = [password, salt].flatten.compact.join
          Digest::MD5.hexdigest(str)
        end
      end
    end
  end
end

如果Devise版本低于2.1

1
2
3
4
5
6
7
8
9
10
11
12
13
# lib/devise/encryptors/md5.rb
require 'digest/md5'

module Devise
  module Encryptors
    class Md5 < Base
      def self.digest(password, stretches, salt, pepper)
        str = [password, salt].flatten.compact.join
        Digest::MD5.hexdigest(str)
      end
    end
  end
end

在config/initializers/devise.rb中加载md5加密

1
require Rails.root.join('lib', 'devise', 'encryptable', 'encryptors', 'md5')

在config/initializers/devise.rb中修改加密方式为md5

1
config.encryptor = :md5

添加 :encryptable 到User model.

如果password_salt为空的话,要在model中加入如下代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# for devise
class User < ActiveRecord::Base
  # Include default devise modules. Others available are:
  # :token_authenticatable, :encryptable, :confirmable, :lockable, :timeoutable and :omniauthable
  devise :database_authenticatable, :registerable, :confirmable,
         :recoverable, :rememberable, :trackable, :validatable
  devise :encryptable

  # Setup accessible (or protected) attributes for your model
  attr_accessible :email, :username, :password, :password_confirmation, :remember_me

  # for devise
  def password_salt=(password_salt)
  end

  def password_salt
  end

  protected

    def password_digest(password)
        Devise::Encryptable::Encryptors::Md5::digest(password, self.class.stretches, authenticatable_salt, self.class.pepper)
    end
end

这里必须覆盖password_digest方法,因为password_digest中监测了password_salt是否为空

https://github.com/plataformatec/devise-encryptable/blob/master/lib/devise/encryptable/model.rb%E4%B8%AD56%E8%A1%8C

1
2
3
4
5
6
# Digests the password using the configured encryptor.
      def password_digest(password)
        if password_salt.present?
          encryptor_class.digest(password, self.class.stretches, authenticatable_salt, self.class.pepper)
        end
      end

参考信息:

How-To:-Create-a-custom-encryptor

Comments