Devise Login Passwords no longer work after Devise/Rails Upgrade

[LennonR]

I had a perfectly working rails 3.0.x, ruby 1.8.7 and devise 1.5.0 application running.

I recently upgraded to rails 3.2.x, ruby 1.9.3 and devise 2.0.5 and now logging in no longer works.  I can register without a problem and am automatically logged in after registration and everything works fine.  But once I logout, my password doesn't log me back in.  I get the default "Invalid email or password" message.  The same goes for all of my existing user accounts.  None of their passwords are working when trying to login however registration works fine.

Somebody suggested this might have to do with a different pw salt with devise 2.0 although I still don't see why my newly registered user pw wouldn't work.  

Thanks for any help you can give me.

[José Valim]

Lennon,

Have you gone through our guide?

https://github.com/plataformatec/devise/wiki/How-To:-Upgrade-to-Devise-2.0

Also, what does your log show? Does it even show a query on the sign in attempt? You need to give us more information.

[LennonR]

I've gone through the guide and made the recommended changes.

My logs look like this (the ********* lines are some logger.debug lines I outputted for debugging purposes that may help):

Started POST "/users/login" for 127.0.0.1 at 2013-06-21 13:31:48 -0400

Processing by SessionsController#create as HTML

  Parameters: {"utf8"=>"✓", "authenticity_token"=>"JGNK20Z/4Ulw5AzJW60O0EOfFt02dVPj4mT0NK5fbSk=", "user"=>{"email"=>"te...@test.com", "password"=>"[FILTERED]", "remember_me"=>"{:class=>\"check remember_check\"}"}, "commit"=>""}

*********** Auth Opts: {:scope=>:user, :recall=>"sessions#new"}

*********** Warden: Warden::Proxy:70141823903580 @config={:default_scope=>:user, :scope_defaults=>{}, :default_strategies=>{:user=>[:rememberable, :database_authenticatable], :refinery_user=>[:rememberable, :database_authenticatable]}, :intercept_401=>false, :failure_app=>#<Devise::Delegator:0x007f964ec58190>}

Completed 401 Unauthorized in 4ms

Processing by SessionsController#new as HTML

[LennonR]

Also, in the devise sessions controller, I overwrote it with the default 2.0.5 controller for debugging purposes and it fails

def create
    resource = warden.authenticate!(auth_options) #IT REDIRECTS TO SESSIONS#NEW AFTER THIS LINE
    # ALL CODE BELOW THIS LINE DOESN'T GET RUN!
    set_flash_message(:notice, :signed_in) if is_navigational_format?
    sign_in(resource_name, resource)
    respond_with resource, :location => after_sign_in_path_for(resource)
  end

On Friday, June 21, 2013 2:22:52 PM UTC-4, LennonR wrote:

I've gone through the guide and made the recommended changes.

My logs look like this (the ********* lines are some logger.debug lines I outputted for debugging purposes that may help):

Started POST "/users/login" for 127.0.0.1 at 2013-06-21 13:31:48 -0400

Processing by SessionsController#create as HTML

  Parameters: {"utf8"=>"✓", "authenticity_token"=>"JGNK20Z/4Ulw5AzJW60O0EOfFt02dVPj4mT0NK5fbSk=", "user"=>{"email"=>"test@test.com", "password"=>"[FILTERED]", "remember_me"=>"{:class=>\"check remember_check\"}"}, "commit"=>""}

[LennonR]

Thanks to this stackoverflow post I was able to solve my problem.

http://stackoverflow.com/questions/11467354/warden-authentication-recalls-401-unauthorized

I was using refinerycms which overwrites a bunch of devise logic and I needed to uncomment out:

config.authentication_keys = [ :email ] in config/initializers/devise.rb