Intentionally break the user's password to invoke the invalid hash er…

…ror so that the password can be reset (thanks to Devise changing password_salt)
refinery · Mar 27, 2011 · 0ab289c · 0ab289c
1 parent 12f25d6
commit 0ab289c
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/authentication/app/controllers/sessions_controller.rb b/authentication/app/controllers/sessions_controller.rb
@@ -5,7 +5,7 @@ class SessionsController < ::Devise::SessionsController
 
   def create
     super
-  rescue BCrypt::Errors::InvalidSalt
+  rescue ::BCrypt::Errors::InvalidSalt, ::BCrypt::Errors::InvalidHash
     flash[:error] = t('password_encryption', :scope => 'users.forgot')
     redirect_to new_user_password_path
   end

diff --git a/authentication/db/migrate/20110325213325_remove_password_salt_from_users.rb b/authentication/db/migrate/20110325213325_remove_password_salt_from_users.rb
@@ -1,6 +1,10 @@
 class RemovePasswordSaltFromUsers < ActiveRecord::Migration
   def self.up
     remove_column :users, :password_salt
+    # Make the current password invalid :(
+    User.all.each do |u|
+      u.update_attribute(:encrypted_password, u.encrypted_password[29..-1])
+    end
   end
 
   def self.down

diff --git a/db/migrate/20110325213325_remove_password_salt_from_users.rb b/db/migrate/20110325213325_remove_password_salt_from_users.rb
@@ -1,6 +1,10 @@
 class RemovePasswordSaltFromUsers < ActiveRecord::Migration
   def self.up
     remove_column :users, :password_salt
+    # Make the current password invalid :(
+    User.all.each do |u|
+      u.update_attribute(:encrypted_password, u.encrypted_password[29..-1])
+    end
   end
 
   def self.down