There are a number of things it could be of course, but there are two settings in particular to pay attention to: the site key (REST_AUTH_SITE_KEY) and number of stretches (REST_AUTH_DIGEST_STRETCHES). Depending on what version of Restful Authentication you're upgrading from these could be defined in your config/environment files or config/initializers/site_keys.rb.
Like later versions of Restful Authentication, Authlogic assumes a default of 10 stretches. But if you've moved from an early version of Restful Auth the password hashes in your existing user store may have gone through fewer stretches. The solution? Set Authlogic's SHA1 crypto provider to use 1 stretch. In this example, we're still using the same strength algorithm as Restful Auth. Eventually, you'll probably want to transition away using the "c.transition_from_restful_authentication = true" setting, which will use SHA512 and defaults to 20 stretches.
acts_as_authentic do |c| c.act_like_restful_authentication = true c.password_salt_field = :salt Authlogic::CryptoProviders::Sha1.stretches = 1 end
No comments:
Post a Comment