I ran into an issue with latest Devise (1.2.0 6e71eca).

BCrypt::Errors::InvalidSalt in SessionsController#create
invalid salt

This happened because in later versions of Devise the default encryptor was changed from :sha1 to :bcrypt. I did not specify the default encryptor before, and thus the encryption algorithm mismatch arises. This means that all the existing users created using an older version of Devise would not work with the new Devise after running “bundle update”.

To fix this issue, in the Devise initializer file (config/initializers/devise.rb), set the encryptor to :sha1 (the previous default):

config.encryptor = :sha1

I was caught off-guard by this issue since all my test cases passed with flying colors. For Marrily I use FactoryGirl and Shoulda to test. In the setup method of most test cases, a new user object is created from a factory definition. Since the generated password and salt of the test user are always created with the latest code from Devise, this encryptor mismatch will never happen in the tests. Had I used static fixtures, this bug would have been caught, because the salt would always be static and thus Devise would throw an exception. In an existing database with users generated from a previous version of Devise, the change could be a huge problem. To fix the issue, all registered users after the Devise gem upgrade will need to have their passwords reset with the right encryptor.

Marrily started out on Rails 3beta2 and has been upgraded ever since, all the way to Rails 3.0.0. I launched the closed-alpha version August 1st, and had many users sign up using the :sha1 encryptor. Had I released the latest code to production without specifying the encryptor, it would probably have caused a lot of issues on the site. The lesson learned here is to make sure that you are as specific as possible with your plugins, especially for default values. When in doubt, specify it. And really test your application. There’s no way around it. Rails and many popular plugins and gems move fast. To protect your application, having a test suite is the only way to ensure smooth sailing.
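An added example, not part of the original post and not Devise's own code: a pre-upgrade check that classifies stored password digests by format, so a change in the default encryptor shows up before deploy rather than at login. It assumes the digest lives in a column named encrypted_password and that legacy digests are 40-character SHA-1 hex strings; the helper names and sample rows are constructed for illustration.

```ruby
require 'digest/sha1'

# Shapes of the two digest formats (classification by format only;
# nothing here verifies a password).
BCRYPT_RE   = /\A\$2[abxy]?\$\d{2}\$[.\/A-Za-z0-9]{53}\z/
SHA1_HEX_RE = /\A\h{40}\z/

# Hypothetical helper: name the format of one stored digest.
def digest_format(stored)
  case stored.to_s
  when BCRYPT_RE   then :bcrypt
  when SHA1_HEX_RE then :sha1
  else                  :unknown
  end
end

# Hypothetical helper: count digests per format and list the accounts
# whose stored digest does not match the configured encryptor.
def audit(rows, configured)
  by_format = rows.group_by { |r| digest_format(r[:encrypted_password]) }
  mismatched = rows.reject { |r| digest_format(r[:encrypted_password]) == configured }
  { counts: by_format.transform_values(&:size),
    mismatched: mismatched.map { |r| r[:email] } }
end

# Constructed sample rows standing in for a users table (assumed column
# names). The bcrypt value has the right shape but is not a real hash.
SAMPLE_USERS = [
  { email: 'alpha@example.test', encrypted_password: Digest::SHA1.hexdigest('constructed-1') },
  { email: 'beta@example.test',  encrypted_password: Digest::SHA1.hexdigest('constructed-2') },
  { email: 'new@example.test',   encrypted_password: '$2a$10$' + ('A' * 53) },
  { email: 'odd@example.test',   encrypted_password: '' }
].freeze

if __FILE__ == $PROGRAM_NAME
  # Run once per candidate value of config.encryptor before upgrading.
  %i[sha1 bcrypt].each do |encryptor|
    report = audit(SAMPLE_USERS, encryptor)
    puts "config.encryptor = :#{encryptor}"
    puts "  formats:    #{report[:counts]}"
    puts "  mismatched: #{report[:mismatched].join(', ')}"
  end
end
```

Run against a copy of production data (or static fixtures captured from it), a non-empty mismatched list for the encryptor the upgraded app will use is the failure the factory-built test users could not surface.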



 

2 Responses to “Devise BCrypt::Errors::InvalidSalt Exception”



Mohsin Hijazee
12:09 pm
February 10, 2011
#348240

Thank you very much! This helped me a lot! I was having the same issue.




bublanina
1:54 pm
February 21, 2011
#351525

Thanks, this solved my problem.



