How do I properly migrate from has_secure_password to encrypted_password (as both use password_digest) without losing old passwords?

Question

Migrating from has_secure_password to devise causes the following error in the console when interacting with user objects:

.rvm/gems/ruby-2.4.1/gems/devise-4.4.0/lib/devise/models/database_authenticatable.rb:166:in `password_digest'

I understand this is because devise uses the pasword_digest function and so it is incompatible with the password_digest column used by active record's has_secure password.

A solution is to delete the password_digest column from the db but I do not want to loose existing users' passwords.

Should I delete the encrypted_password column devise created and then do a migration to rename password_digest to encrypted_password and then update existing user's passwords or is there a more appropriate solution?

Answer 1

1> Rename the column password_digest to encrypted_password.

2> In devise initializer in config/initializers/devise.rb set

config.stretches = 11 # this is default

3> bcrypt is the default hashing or encryption algorithm(so no change needed).

See devise config template.

Answer 2

I haven't done it before. But in my opinion, let's try to backup your database first. Then perform migration to change password_digest to encrypted_password. Don't worry because you can rollback your migration if it's not worked

Answer 3

Your guess and Sachin's solution are correct. Rename password_digest to encrypted_password and it will work.

You don't have to change config.stretches for this. It only affects how devise generates new passwords. Existing password store their number of stretches in their hash.