I was working on doing an upgrade to the login system for an app that
I develop from an in-house system to Devise. When we did this, we added
the new fields :encrypted_password and :password_salt to the user
model. Unfortunately in the upgrade we didn't make a method to upgrade
the password and salt to the new fields, but this led to a weird bug
in our system. Basically any user that was created before the upgrade
has :encrypted_password and :password_salt set to nil. Then, when
trying to sign in as the user, as long as you put in a password (other
than blank), you would be able to log in as them.
Now this seems like a loophole but could also be by design. I have
taken steps to try and ensure that encrypt_pass and password_salt are
never nil, but is there a pre-defined method or option I could add
such that it will block all login attempts if the user's password/salt
are nil? Or is there a way to easily override the Devise controller
and write my own? I only want to do it for the sign_in controller as
the other methods seem to be working fine.
Thanks for the advice and suggestions.
Cameron
José Valim
Feb 27, 2011, 3:51:16 AM
I would consider this a bug. Which Devise version are you using?
Cameron
Feb 27, 2011, 5:30:11 PM
1.1.5 and warden 1.0.3; as far as I know it's the latest versions. Do
you need any other information from me? I am happy to see it is a bug
and not something I programmed wrong, because I couldn't dissect it any
further on my end.
Cameron
Mar 2, 2011, 1:13:02 PM
Sorry for the bump on this, but I was wondering if you were able to
decide if this is a Devise bug or if it was a bug somewhere in my
code. And if it is a bug in my Devise, will it make it into the 1.2RC?
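
Added example, not part of the thread and not Devise's own code: a fail-closed password check that rejects every sign-in for a record whose :encrypted_password or :password_salt is nil or blank, plus a helper that lists the pre-upgrade accounts still needing a reset. `LegacyUser`, `demo_digest`, `credentials_present?` and `unmigrated` are hypothetical names, and the SHA-256 digest is a stand-in for whatever encryptor the app uses; in a Devise model the same guard would sit in an override of `valid_password?` ahead of the call to `super` (an assumption about how the app is wired).

```ruby
require "digest"
require "securerandom"

# Hypothetical stand-in for a user row; the two field names come from the thread.
LegacyUser = Struct.new(:email, :encrypted_password, :password_salt)

# Stand-in digest for the demo only (an assumption, not Devise's encryptor).
def demo_digest(password, salt)
  Digest::SHA256.hexdigest("#{salt}--#{password}")
end

# True only when both stored fields hold a non-blank value.
def credentials_present?(user)
  [user.encrypted_password, user.password_salt].none? { |v| v.nil? || v.strip.empty? }
end

# Constant-time comparison so the check does not leak how many characters matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Fail closed: missing stored credentials or a blank password never authenticate.
def valid_password?(user, incoming)
  return false unless credentials_present?(user)
  return false if incoming.nil? || incoming.empty?
  secure_compare(demo_digest(incoming, user.password_salt), user.encrypted_password)
end

# Accounts created before the upgrade that need a forced password reset.
def unmigrated(users)
  users.reject { |u| credentials_present?(u) }.map(&:email)
end

# Constructed sample data: one untouched legacy row, one half-migrated, one migrated.
salt = SecureRandom.hex(8)
USERS = [
  LegacyUser.new("old@example.test", nil, nil),
  LegacyUser.new("half@example.test", nil, salt),
  LegacyUser.new("new@example.test", demo_digest("correct horse", salt), salt),
]
```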