Upgrade passwords to the latest hashing scheme on login

2013-08-14 00:13:49 +01:00 · 2013-08-14 00:13:49 +01:00 · b9daf06684
commit b9daf06684
parent 15d29c646b
3 changed files with 28 additions and 1 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -70,7 +70,14 @@ class User < ActiveRecord::Base
        end
      end

-      user = nil if user and not PasswordHash.check(user.pass_crypt, user.pass_salt, options[:password])
+      if user and PasswordHash.check(user.pass_crypt, user.pass_salt, options[:password])
+        if PasswordHash.upgrade?(user.pass_crypt, user.pass_salt)
+          user.pass_crypt, user.pass_salt = PasswordHash.create(options[:password])
+          user.save
+        end
+      else
+        user = nil
+      end
    elsif options[:token]
      token = UserToken.find_by_token(options[:token])
      user = token.user if token