Users with SHA-1 hashes are redirected to the password change page

app/controllers/application_controller.rb

@@ -16,6 +16,7 @@ class ApplicationController < ActionController::Base
   layout proc{ |controller| controller.mobile? ? "mobile" : "standard" }
   exempt_from_layout /\.js\.erb$/
  
+  before_filter :check_for_deprecated_password_hash
   before_filter :set_session_expiration
   before_filter :set_time_zone
   before_filter :set_zindex_counter
@@ -58,6 +59,15 @@ class ApplicationController < ActionController::Base
       end
     end
   end
+
+  # Redirects to change_password_user_path if the current user uses a
+  # deprecated password hashing algorithm.
+  def check_for_deprecated_password_hash
+    if current_user and current_user.uses_deprecated_password?
+      notify :warning, t('users.you_have_to_reset_your_password')
+      redirect_to change_password_user_path current_user
+    end
+  end
   
   def render_failure message, status = 404
     render :text => message, :status => status

app/controllers/users_controller.rb

@@ -1,6 +1,8 @@
 class UsersController < ApplicationController
   before_filter :admin_login_required, :only => [ :index, :show, :destroy ]
   skip_before_filter :login_required, :only => [ :new, :create ]
+  skip_before_filter :check_for_deprecated_password_hash,
+    :only => [ :change_password ]
   prepend_before_filter :login_optional, :only => [ :new, :create ]
   
   # GET /users GET /users.xml