
Remove the salt from the DB migration

The salt column is only needed for SHA1 and MD5 strategies, which are
not the default. The README contains instructions for adding the salt
back before switching to those strategies.
1 parent 4a15250 commit 6ad1068748a325b6963d89ef1e1b75c8b9416c1b @mike-burns mike-burns committed
47 README.md
@@ -185,16 +185,10 @@ If you want to override the **model** behavior, you can include sub-modules of `
`Callbacks` contains `ActiveRecord` callbacks downcasing the email and generating a remember token.
-Overriding the password strategy
---------------------------------
+Stock password strategies
+-------------------------
-By default, Clearance uses BCrypt encryption of the user's password. You can provide your own password strategy by creating a module that conforms to an API of two instance methods:
-
- def authenticated?
- end
-
- def password=(new_password)
- end
+By default, Clearance uses BCrypt encryption of the user's password.
The previous default password strategy was SHA1. To keep using SHA1, use this
code:
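Review bot: The added line "By default, Clearance uses BCrypt encryption of the user's password." keeps calling BCrypt encryption. BCrypt is a one-way password hash, and "encryption" suggests the stored value can be decrypted. Since this paragraph is being rewritten anyway, suggest "Clearance hashes the user's password with BCrypt".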
@@ -209,13 +203,6 @@ Switching password strategies will cause your existing users' passwords to not
work. If you are currently using the SHA1 strategy (the previous default), and
want to transparently switch to BCrypt, use the [BCryptMigrationFromSHA1 strategy](https://github.com/thoughtbot/clearance/blob/master/lib/clearance/password_strategies/bcrypt_migration_from_sha1.rb).
-
-Once you have an API-compliant module, load it with:
-
- Clearance.configure do |config|
- config.password_strategy = MyPasswordStrategy
- end
-
For example:
# default
@@ -227,6 +214,34 @@ For example:
# Blowfish
config.password_strategy = Clearance::PasswordStrategies::Blowfish
+The SHA1 and blowfish password strategies require an additional `salt`
+column in the `users` table. *Run this migration* before switching
+to SHA or blowfish strategies or it *will* break:
+
+ class AddSaltToUsers < ActiveRecord::Migration
+ def change
+ add_column :users, :salt, :string, :limit => 128
+ end
+ end
+
+Custom password strategies
+--------------------------
+
+You can provide your own password strategy by creating a module that
+conforms to an API of two instance methods:
+
+ def authenticated?
+ end
+
+ def password=(new_password)
+ end
+
+Once you have an API-compliant module, load it with:
+
+ Clearance.configure do |config|
+ config.password_strategy = MyPasswordStrategy
+ end
+
Routing Constraints
-------------------
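Review bot: The added salt paragraph names "SHA1 and blowfish" as the strategies that need the column, then says "SHA or blowfish", while the commit message says the column is only needed for "SHA1 and MD5". Settle on one list and use the exact strategy names so readers can tell which configurations need AddSaltToUsers, and replace "or it *will* break" with a statement of what fails when the column is missing. In the relocated custom-strategy section, `def authenticated?` is shown without a parameter while `def password=(new_password)` has one, so the README does not say how the candidate password reaches the check.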
1 db/migrate/20110111224543_create_diesel_clearance_users.rb
@@ -3,7 +3,6 @@ def self.up
create_table(:users) do |t|
t.string :email
t.string :encrypted_password, :limit => 128
- t.string :salt, :limit => 128
t.string :confirmation_token, :limit => 128
t.string :remember_token, :limit => 128
t.timestamps
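Review bot: Deleting `t.string :salt, :limit => 128` from the already timestamped migration 20110111224543 only changes databases created after this commit; any database that has already run it keeps the column, so the two end up with different `users` tables. If the column should go away everywhere, add a new migration that removes it; if only fresh installs are meant to change, state that in the commit message or README.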
1 db/schema.rb
@@ -16,7 +16,6 @@
create_table "users", :force => true do |t|
t.string "email"
t.string "encrypted_password", :limit => 128
- t.string "salt", :limit => 128
t.string "confirmation_token", :limit => 128
t.string "remember_token", :limit => 128
t.datetime "created_at", :null => false
4 gemfiles/3.0.12.gemfile.lock
@@ -1,5 +1,5 @@
PATH
- remote: /Users/gabe/thoughtbot/open-source/clearance
+ remote: /home/mike/thoughtbot/clearance
specs:
clearance (0.16.2)
bcrypt-ruby
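Review bot: The `remote:` line under PATH swaps one developer's absolute path (/Users/gabe/...) for another's (/home/mike/...), which has nothing to do with the salt column and will flip again on the next machine that regenerates the lockfile. It also publishes local usernames and directory layout in the repository. Suggest dropping these lines from the commit or making the path relative; the same change appears in the 3.1.4 and 3.2.3 lockfiles.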
@@ -160,7 +160,7 @@ DEPENDENCIES
appraisal (~> 0.4.1)
aruba (~> 0.4.11)
bourne (~> 1.1.2)
- bundler (~> 1.1.0)
+ bundler (~> 1.1)
capybara (~> 1.1.2)
clearance!
cucumber-rails (~> 1.1.1)
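Review bot: `bundler (~> 1.1.0)` becoming `bundler (~> 1.1)` widens the allowed range from 1.1.x to any 1.x release at or above 1.1, and the commit message does not mention it. A dependency constraint change is easier to audit in its own commit with the reason stated; the same applies to the identical hunks in the other two lockfiles.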
4 gemfiles/3.1.4.gemfile.lock
@@ -1,5 +1,5 @@
PATH
- remote: /Users/gabe/thoughtbot/open-source/clearance
+ remote: /home/mike/thoughtbot/clearance
specs:
clearance (0.16.2)
bcrypt-ruby
@@ -170,7 +170,7 @@ DEPENDENCIES
appraisal (~> 0.4.1)
aruba (~> 0.4.11)
bourne (~> 1.1.2)
- bundler (~> 1.1.0)
+ bundler (~> 1.1)
capybara (~> 1.1.2)
clearance!
cucumber-rails (~> 1.1.1)
4 gemfiles/3.2.3.gemfile.lock
@@ -1,5 +1,5 @@
PATH
- remote: /Users/gabe/thoughtbot/open-source/clearance
+ remote: /home/mike/thoughtbot/clearance
specs:
clearance (0.16.2)
bcrypt-ruby
@@ -168,7 +168,7 @@ DEPENDENCIES
appraisal (~> 0.4.1)
aruba (~> 0.4.11)
bourne (~> 1.1.2)
- bundler (~> 1.1.0)
+ bundler (~> 1.1)
capybara (~> 1.1.2)
clearance!
cucumber-rails (~> 1.1.1)
2 lib/clearance/user.rb
@@ -60,7 +60,7 @@ module Callbacks
# Hook for callbacks.
#
- # salt, token, password encryption are handled before_save.
+ # token, password encryption are handled before_save.
included do
before_validation :downcase_email
before_create :generate_remember_token
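Review bot: The edited comment still says these are handled before_save, but the hooks visible directly under it are `before_validation :downcase_email` and `before_create :generate_remember_token`. While this line is being touched, make the comment name the hooks actually registered; "token, password encryption are" would also read better as "token generation and password encryption are".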
3 spec/models/user_spec.rb
@@ -175,9 +175,8 @@ def password_optional?
describe "when user exists before Clearance was installed" do
before do
@user = create(:user)
- sql = "update users set salt = NULL, encrypted_password = NULL, remember_token = NULL where id = #{@user.id}"
+ sql = "update users set encrypted_password = NULL, remember_token = NULL where id = #{@user.id}"
ActiveRecord::Base.connection.update(sql)
- @user.reload.salt.should be_nil
@user.reload.encrypted_password.should be_nil
@user.reload.remember_token.should be_nil
end
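Review bot: This hunk only deletes the salt setup and the `@user.reload.salt.should be_nil` assertion, and none of the files in this commit add a spec for the case the README now warns about: a SHA1 or Blowfish strategy on a `users` table that has no `salt` column. A spec that adds the column through the documented AddSaltToUsers migration and then exercises one of those strategies would keep the README instructions verified.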

0 comments on commit 6ad1068
