Posts from Grinding Rails...
Posted by Jordan McKible 37 days ago
Question: So I’ve got some sensitive data in my database. Maybe a social security or credit card number here or there. Not something I want to be storing as plain text. What’s a person to do?
Answer: Lucifer
Lucifer is a single encryption key solution which uses the ezcrypto gem to transparently encrypt/decrypt database [...]
Posted by Jordan McKible 82 days ago
Update: version_fu is now ready for prime time. I’d consider it to have all the options I need. Suggestions? Fork it!
Update: I’ve written a real README for version_fu.
Long time no blog. I’ve been busy working on my latest project which is set to launch in two weeks. As such, I’m pretty [...]
Posted by Jordan McKible 221 days ago
A curious changeset just came down the pipeline. MySQL, long the favorite in the Rails community, has been replaced by SQLite. Don’t believe me? Check out Changeset 8417.
Fret not, everything will still work. OS X comes with SQLite by default, so there are no concerns there. And if you still prefer [...]
Posted by Jordan McKible 275 days ago
Clearly written code is the ultimate goal of any application. I like RSpec because it helps write readable code. Matchers are the secret sauce of readability. Check out this example from the RSpec source:
For example, imagine that you are writing a game in which players can
be in various zones on a [...]
Posted by Jordan 290 days ago
I’m currently implementing some specs for an existing controller. Yes, I know that’s going about things backwards, but the controller was written before I came on to the project. Here’s the controller in question:
class FeedController < ApplicationController
  before_filter :login_required
  def destroy
    @current_user.feed.destroy
    redirect_to :back
[...]
Posted by Jordan 291 days ago
Just did an update on Rails Edge and a bunch of tests started failing. Not a terribly common occurrence, but this time the error was new: ActiveRecord::ProtectedAttributeAssignmentError. I’ve always been a strong proponent of good protection on attributes (see secure_associations plugin), so this was an interesting development. Previously when protected attributes came [...]
Posted by Jordan 297 days ago
This weekend I got myself a new server and set up Warehouse on it. I’ve been hosting open source projects at Google Code. While the experience was pretty nice, it had that patented Google look-and-feel (not a positive in my book). I’ve dumped the repositories for ActiveBudget and secure associations from Google [...]
Posted by Jordan 306 days ago
Cross-site request forgery is an attack malicious users can exploit. Much has been made of XSS vectors and CSRF is quite similar. If you’d like to learn more about CSRF, check out this article or the Wikipedia. Suffice to say CSRF is a credible type of attack and you should be aware [...]
Posted by Jordan 319 days ago
I remember two things from the first time I saw the original How-To-Make-A-Blog Rails screencast: 1) DHH says ‘whoops’ a lot. 2) Scaffold is awesome! Oh how things have changed.
To someone who hasn’t seen Rails before, the dynamism of scaffold is a show stopper. Unfortunately it doesn’t hold up for serious usage. [...]
Posted by Jordan 342 days ago
The Ruby Hit Squad may be the greatest thing to hit the Rails scene in a while. Look at that home page. This elite squad will take no prisoners.
Their first target is Capistrano. I wasn’t aware Capistrano needed to be whacked, but the fact that I haven’t migrated to version 2 is [...]
Posted by Jordan 342 days ago
Now that I’ve used RSpec for a while, here’s a smattering of random feedback. I’m far from an expert, so some of this advice may be ill-advised. This is what works for me.
Autotest FTW
If you’re doing any kind of testing, you should already know about autotest. RSpec works almost flawlessly with [...]
Posted by Jordan 367 days ago
Changeset 7215 made validations a little more readable. Until now, you’ve only been able to specify an :if clause. For example:
validates_presence_of :identity_url, :if => :using_open_id?
Now you can use :unless for nice looking validations:
validates_presence_of :username, :unless => :using_open_id?
validates_presence_of :password, :unless => :using_open_id?
if and unless go together like peas and carrots.
Posted by Jordan 374 days ago
Changeset 7188 made a nice little tweak to belongs_to. Quoth the changelog:
OLD
belongs_to :visitor, :class_name => 'User' # => inferred foreign_key is user_id
NEW
belongs_to :visitor, :class_name => 'User' # => inferred foreign_key is visitor_id
Just a little change that makes a lot more sense.
Posted by Jordan 374 days ago
Stuart Halloway of Relevance, LLC. has done a series of blog posts about testing validations in ActiveRecord. Part 1 was an illegible starting point that checked for exceptions being raised and generally made no sense. I don’t think I’ve ever seen a test that bad, but it was a good starting off point.
Part [...]
Posted by Jordan 386 days ago
SecureAssociations is a plugin I created to address some security concerns with ActiveRecord associations. It used to look like this:
class Category < ActiveRecord::Base
  belongs_to_protected :user
end
Sami Samhuri pointed out that was pretty silly and submitted a patch that uses the standard association method signatures. It looks much nicer and will probably go over [...]
Posted by Jordan 388 days ago
We’ve all seen scaffolding churn out a piece of code like this:
class UsersController < ApplicationController
  # POST /users
  def create
    @user = User.new(params[:user])
    if @user.save
      redirect_to users_path
    else
      render :action => 'new'
[...]
Posted by Jordan 392 days ago
About a month ago, I ran into an unfortunate security issue with ActiveRecord associations. As a quick refresher, if your model is:
class User < ActiveRecord::Base
  has_many :categories
end
class Category < ActiveRecord::Base
  belongs_to :user
end
And your controller looks like this:
class CategoriesController < ApplicationController
  def create
    @category = current_user.categories.build(params[:category])
[...]
Posted by Jordan 393 days ago
You can never get too comfortable with routing on Edge. Last month, the path and url methods changed for nested routes. Here’s the example code:
Before:
comments_path(@note)
comment_path(@note, @comment)
After:
note_comments_path(@note)
note_comment_path(@note, @comment)
I didn’t mention routes with prefix names, such as new. Changeset 7138 was just committed to handle [...]
Posted by Jordan 402 days ago
After reading voraciously about BDD and using it for a few days, I’m ready to share my experiences. There were some ideas that clicked immediately, some that took a while to work out, and some that I really didn’t like.
Before we get into the code, you should know I’m using RSpec and RSpec on [...]
Posted by Jordan 408 days ago
I’ve decided to take the plunge from TDD to BDD. The breaking point came when I was doing some functional tests for Wiffled. Each controller had a different specification depending on what type of user was logged in.
At first I wrote three tests right next to each other. For example…
def test_vistor_should_not_edit_team ...
def [...]