Serj L aka Loremaster

Blog of Rails developer.

I always love to hear from you: hello@bloginius.com

How Upgrade Devise 2 to 3.2

| Comments

Devise is a great gem! It really helps you, taking all authentication jobs away from you. However, upgrading Devise up to version 3.x can be a little bit tricky. In this post I’ll show you how to do that.

First of all, update your gem via bundle update OR specify version in your Gemfile:

Gemfile
1
gem "devise", "~> 3.2.2"

And run bundle install.

Since devise 3.1 platformatec announced few security improvements. One of them is secret_key. To add it open devise config and add:

config/initializers/devise.rb
1
2
3
4
# The secret key used by Devise. Devise uses this key to generate
# random tokens. Changing this key will render invalid all existing
# confirmation, reset password and unlock tokens in the database.
config.secret_key = '2710f15f11771d6692a3015d7e3dba2cb05539c1f72i6u345df5433hg535kj5x56v6er56if2566c63c2ad670d6859e536b40d87e6543b115609f0464bdd99502abbe241c4'

Of course, you should use your own secret key, so change my example to be more secure.

If you have ever generated devise’s views, then you should change it’s mailers to use @token instead of @resource.*_token:

views/devise/mailer/confirmation_instructions.html.haml
1
2
# ...
= link_to t('devise.mailer.confirmation_instructions.submit'), confirmation_url(@resource, confirmation_token: @token)
views/devise/mailer/reset_password_instructions.html.haml
1
2
# ...
= link_to t('devise.mailer.reset_password_instructions.reset_link'), edit_password_url(@resource, reset_password_token: @token)
views/devise/mailer/unlock_instructions.html.haml
1
2
# ...
= link_to t('devise.mailer.unlock_instructions.unlock_link'), unlock_url(@resource, unlock_token: @token)

After that everything should works. But take a look into your terminal: you may have deprecation errors, which you should fix!

Comments