Authlogic 3.3.0 and 3.4.0 not working with Rails 4.0.x #400

Alamoz opened this Issue Mar 4, 2014 · 9 comments


None yet
8 participants

Alamoz commented Mar 4, 2014

Authlogic 3.3.0 and 3.4.0 not working with Rails 4.0.x. However, authlogic commit # e4b2990 does work with Rails 4.0.x.

Here is the output of the Rails 4.0.x logger when a user logs in:

F, [2014-03-04T07:25:09.640105 #28602] FATAL -- : NameError (uninitialized constant SCrypt): app/controllers/user_sessions_controller.rb:15:in `create'

So for now I'm specifying in Gemfile (thanks to @rhuppert for this info):

gem 'authlogic', github: 'binarylogic/authlogic', ref: 'e4b2990d6282f3f7b50249b4f639631aef68b939'

Actually, there's an annoyingly simple solution to make this work on Rails 4.0.x.

You need these entries in your Gemfile:

gem 'authlogic', '~> 3.4.0'
gem 'scrypt'

Authlogic has changed its default encryption system from SHA512 to SCrypt. If you are an ongoing Authlogic user, you previously used Sha512, so you probably need / want to add two additional lines to your User model to transition to the new default encryption - SCrypt:

  acts_as_authentic do |c|
    if Rails.env.production?
      c.logged_in_timeout = 30.minutes
      c.logged_in_timeout = 90.minutes
    c.transition_from_crypto_providers = Authlogic::CryptoProviders::Sha512,
    c.crypto_provider = Authlogic::CryptoProviders::SCrypt

If you don't want to upgrade to SCrypt, then you should just add this to your User.rb:

    c.crypto_provider = Authlogic::CryptoProviders::Sha512


Hermanverschooten referenced this issue Mar 5, 2014


Failing tests on master (Feb 28, 2014) #393

4 of 4 tasks complete

nathany commented Mar 5, 2014

thanks @danlaffan

Is there a reason Authlogic doesn't have a dependency on scrypt? Seems odd to have to manually include a gem that it requires.

@ryanbooker I guess it makes sense, since it isn't actually required.

If you set c.crypto_provider = Authlogic::CryptoProviders::Sha512, then you don't need scrypt installed.

However, I agree that it is confusing, and I'm glad I found this issue.

@mrreynolds mrreynolds added a commit to innoq/iqvoc that referenced this issue Apr 14, 2014

@mrreynolds mrreynolds lock authlogic to < 3.3.0 34a8e8e

Since the issue has been solved, can this ticket be closed now?


nathany commented Apr 28, 2014

Has it been solved? Maybe @danlaffan's comment needs to be put into the README/docs?


tiegz commented Apr 28, 2014

👍 fixed, scrypt is no longer needed.


nathany commented Apr 28, 2014

oh, gotcha. 3f6102f


binarylogic commented Apr 29, 2014

Agree, thanks for your help on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment