Home > Authentication, Rails, Ruby > Upgrading Devise from 1.1.x to 1.2.1

Upgrading Devise from 1.1.x to 1.2.1

April 14th, 2011 Leave a comment Go to comments
Our Ruby on Rails applications use a very nice gem called Devise to handle authentication on our websites. Devise is well supported, and thus gets updated quite a bit. They recently upgraded to 1.2.x, which requires a few fixes if you come from 1.1.x . Here are the steps I took to migrate from Devise 1.1.7 to 1.2.1.



Before I get started, this is how the migration for my Devise model User is set up
create_table(:users) do |t|
      t.database_authenticatable :null => false
      t.recoverable
      t.rememberable
      t.trackable
      t.confirmable
      t.lockable :maximum_attempts => 5, :lock_strategy => :failed_attempts, :unlock_strategy => :email
     #more fields
end


One change in Devise 1.2.x is that it doesn’t require you to set the password_salt attribute anymore. So to upgrade:


  1. Shut down your server
  2. I suggest locking devise to 1.2.1 to avoid untested updates upon bundle install. In your Gemfile 
    gem devise, 1.2.1
  3. Run bundle install in application root directory
  4. In config/initializers/devise.rb, comment out or delete config.encryptor references. For example 
    #config.encryptor = :bcrypt
  5. Update your devise migrations with the new encryptable module, if desired. Mine becomes 
    create_table(:users) do |t|
      t.database_authenticatable :null => false
      t.encryptable
      t.recoverable
      t.rememberable
      t.trackable
      t.confirmable
      t.lockable :maximum_attempts => 5, :lock_strategy => :failed_attempts, :unlock_strategy => :email
      #more fields
end
  6. Remove password_salt attributes from fixtures, if you have any
  7. Restart your server
  8. You may get an error like this one
    9. RuntimeError in IndexController#index
Devise changed how it stores objects in session. If you are seeing this message, you can fix it by changing one character in your cookie secret or cleaning up your database sessions if you are using a db store.
  9. To fix that, go in config/initializers/secret_token.rb and change one letter in config.secret_token definition.
  10. Restart your server one more time
You should now be upgraded to Devise 1.2.1. More information is available on the Devise website.

Hope this helps.


Categories: Authentication, Rails, Ruby Tags: , , ,
  1. Gabriel
    April 16th, 2011 at 04:18 | #1
    Reply | Quote

    Please note that the setting maximum_attempts (of lockable) should be in the model not the migration. Ie your model will look like this:

    class Admin 3
    ….

    Alternatively, for all models, you can also have it in the devise initialiser: config/initializers/devise.rb as
    Devise.setup do |config|
    config.maximum_attempts = 3
    end

    Hope this helps.
    Gabriel.

  2. Romain
    April 16th, 2011 at 17:07 | #2
    Reply | Quote

    This helps indeed. Thanks for the clarification. As I am using a single Devise model for now, I switched the lockable configuration to config/initializers/devise.rb

    # ==> Configuration for :lockable
    # Defines which strategy will be used to lock an account.
    # :failed_attempts = Locks an account after a number of failed attempts to sign in.
    # :none = No lock strategy. You should handle locking by yourself.
    config.lock_strategy = :failed_attempts

    # Defines which strategy will be used to unlock an account.
    # :email = Sends an unlock link to the user email
    # :time = Re-enables login after a certain amount of time (see :unlock_in below)
    # :both = Enables both strategies
    # :none = No unlock strategy. You should handle unlocking by yourself.
    config.unlock_strategy = :email

    # Number of authentication tries before locking an account if lock_strategy
    # is failed attempts.
    config.maximum_attempts = 5

  1. No trackbacks yet.