#67 ✓resolved
Jan

Login with restful_authentication transition not working

Reported by Jan | March 24th, 2009 @ 09:36 PM

authlogic 2.0.2, rails 2.3.2

acts_as_authentic do |config|

config.transition_from_restful_authentication = true

end

No site_key was used with restful_authentication. I checked the crypted_password and salt field, they are unchanged. Login gives me "Password is not valid"...

Comments and changes to this ticket

  • dale

    dale March 25th, 2009 @ 03:25 AM

    Same problem here.

    class User < ActiveRecord::Base acts_as_authentic do |c|

     c.transition_from_restful_authentication = true
    
    

    end

    Trying to use authlogic in spree. New users work fine, they get a sha-512 from the start.

    Users with a sha-1 password from restful authentication can't login.

  • Ben Johnson

    Ben Johnson March 25th, 2009 @ 11:07 AM

    • State changed from “new” to “open”

    Everything seems to be working in my tests. I dont have any more apps using restful auth. The following should work for you:

    Authlogic::CryptoProviders::Sha1.matches?(*[REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact)
    

    If you dont have REST_AUTH_SITE_KEY it will be set to nil and the Sha1 stretches will be set to 1.

    I am testing this and it seems to be working.

  • Sean Kirby

    Sean Kirby March 25th, 2009 @ 02:12 PM

    Ben, are you referring to manually resetting the passwords using the above code?

  • Ben Johnson

    Ben Johnson March 25th, 2009 @ 02:16 PM

    No I'm asking if the above works. I can't seem to reproduce the problem and I don't have a legacy app available to test it out. I've tested what I can and everything seems to look good.

    And actually it should be:

    Authlogic::CryptoProviders::Sha1.matches?(crypted_password, *[REST_AUTH_SITE_KEY, salt, raw_password, REST_AUTH_SITE_KEY].compact)
    
  • Sean Kirby

    Sean Kirby March 25th, 2009 @ 04:07 PM

    Thanks for the help Ben. That code didn't work and it was because our old code was doing:

    
    Digest::SHA1.hexdigest("--#{salt}--#{raw_password}--")
    

    Which meant that we needed to set REST_AUTH_SITE_KEY to a blank string to get the -- at the beginning and end. In our user.rb:

    
    Authlogic::ActsAsAuthentic::Password::REST_AUTH_SITE_KEY = ''
    
  • Jan

    Jan March 25th, 2009 @ 05:52 PM

    Thanks Sean, that did the trick.

    And thanks Ben for you awesome work!

  • dale

    dale March 25th, 2009 @ 06:09 PM

    This resolved it for me as well.

    Thanks for the tip!

  • Ben Johnson

    Ben Johnson March 25th, 2009 @ 07:07 PM

    I'll push out a change to fix this.

  • Ben Johnson

    Ben Johnson April 3rd, 2009 @ 01:20 AM

    • State changed from “open” to “resolved”
  • Stefan Kroes

    Stefan Kroes June 9th, 2009 @ 07:21 AM

    I have a similar problem. I'm also trying to move from restful authentication to authlogic but it keeps saying my password is invalid. I initially followed the tutorial in github to setup my session controller and stuff and added the act_like_restful_authentication configuration option to my acts_as_authentic in my existing user model. At one point login started working but after I tried to start using the transition_from_restful_authentication option things broke down. Now I can't even get the act_like_restful_authentication alternative working on a restored database.

    For my existing records the following is false:

    u = User.first
    Authlogic::CryptoProviders::Sha1.matches?(u.crypted_password, *[REST_AUTH_SITE_KEY, u.salt, actual_password, REST_AUTH_SITE_KEY].compact)

    Then I changed the password to something simple but still couldn't login.

    I also tried changing the password to the original one which resulted in different crypted_password and salt hashes for the record. Afterwards the above line of code was still false.

    I looked trough the system for anything involving Digest::, passwords, etc. but couldn't find anything like what was posted by Sean.

    I'm totally at a loss here, any suggestion will be greatly appreciated.

  • Stefan Kroes

    Stefan Kroes June 9th, 2009 @ 07:47 AM

    btw

    I also tried

    Authlogic::ActsAsAuthentic::Password::REST_AUTH_SITE_KEY = '' in my environment.rb

    That didn't work for me either.

  • Stefan Kroes

    Stefan Kroes June 9th, 2009 @ 08:22 AM

    Sorry, I thought I was explaining myself properly but after reading it back I really wasn't. The following is the case:

    • I'm trying to migrate a restful authentication system to authlogic using transition_from_restful_authentication

    • When I try to log into an existing record (restful auth), I get the 'Password is not valid' error

    • When I change the password of a record or create a new user, everything works fine afterwards

    • When I try Authlogic::CryptoProviders::Sha1.matches?(...) as Ben suggested, it is false for existing records

    • I tried the Authlogic::ActsAsAuthentic::Password::REST_AUTH_SITE_KEY = '' solution Sean suggested but it doesn't work for me

  • Stefan Kroes

    Stefan Kroes June 9th, 2009 @ 08:25 AM

    The restfull authentication configuration in my user model used to look like this:

    include Authentication

    include Authentication::ByPassword

    include Authentication::ByCookieToken

    include Authorization::AasmRoles

  • Stefan Kroes

    Stefan Kroes June 9th, 2009 @ 06:35 PM

    Ok, after going through the plugin code I found the problem. I had removed the REST_AUTH_SITE_KEY from my environment configuration because I wasn't gonna use restful authentication any more. I could have known your plugin needs that string to emulate restful auth but you might also have mentioned this in the transition tutorial on your blog.

    Regards,

    Stefan

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

Object based authentication solution that handles all of the non sense for you. It's as easy as ActiveRecord is with a database.

People watching this ticket

Pages