OSVDB 119927 : http Gem for Ruby SSL Certificate Validation MitM Spoofing

Problem

Gemnasium issued a security advisory for the http gem titled OSVDB-119927 – MitM Security Vulnerability: affected versions do not properly validate the server's SSL certificate, so a network attacker can impersonate the remote host.

The details for it are here.

Solution

After some investigation (gem dependency http --reverse-dependencies) it turns out that the twitter gem (5.14.) depends on an older, vulnerable http release (0.6.3), so bundle update http alone cannot move past it.

In order to remove this warning, until a new twitter gem is released you can use the GitHub master branch of twitter, like:

gem 'twitter', github: 'sferik/twitter'
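Tracking a branch instead of a tagged release means every bundle update pulls whatever is on master at that moment; pin a known commit with Bundler's ref: option and switch back to a released version once one exists. To see which locked gems are actually holding http back, here is an added example (not code from the original post, nor from the http or twitter projects) that reads a Gemfile.lock and reports reverse dependencies against the versions the application will really load, which is what matters when a vulnerable version arrives transitively. The lock fragment is constructed for illustration (versions mirror the post) and the 0.7.0 cut-off is a placeholder; take the real first fixed release from the advisory.

```ruby
# Added example, not code from the original post: find which gems in a
# Gemfile.lock depend on a vulnerable locked version of a library and which
# of them pin a requirement that would block upgrading past the fix.
require 'rubygems' # Gem::Version / Gem::Requirement

# Constructed Gemfile.lock fragment (illustration only; versions mirror the post).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      http (0.6.3)
        http_parser.rb (~> 0.6.0)
      http_parser.rb (0.6.0)
      json (1.8.2)
      twitter (5.14.0)
        http (~> 0.6.0)
        json (~> 1.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    twitter
LOCK

# Parse every "specs:" block (GEM, GIT and PATH sections share the layout):
# a 4-space-indented "name (version)" line starts a spec, the 6-space-indented
# lines beneath it are its dependencies. Returns
# { name => { version: Gem::Version, deps: { dep_name => Gem::Requirement } } }.
def parse_lock_specs(lock_text)
  specs = {}
  current = nil
  in_specs = false
  lock_text.each_line do |raw|
    line = raw.chomp
    if line =~ /\A\s*specs:\s*\z/
      in_specs = true
      next
    end
    next unless in_specs
    if line =~ /\A\S/ # next top-level section (PLATFORMS, ...) ends the block
      in_specs = false
      next
    end
    case line
    when /\A {4}(\S+) \((.+)\)\z/ # "    name (version)"
      current = Regexp.last_match(1)
      specs[current] = { version: Gem::Version.new(Regexp.last_match(2)), deps: {} }
    when /\A {6}(\S+)(?: \((.+)\))?\z/ # "      dep (req, req)" or "      dep"
      next if current.nil?
      reqs = Regexp.last_match(2) ? Regexp.last_match(2).split(', ') : ['>= 0']
      specs[current][:deps][Regexp.last_match(1)] = Gem::Requirement.new(reqs)
    end
  end
  specs
end

# Locked gems that declare a dependency on `target`: the lock-file equivalent
# of `gem dependency target --reverse-dependencies`.
def reverse_dependencies(specs, target)
  specs.select { |_, spec| spec[:deps].key?(target) }.keys.sort
end

# True when the locked version of `target` is older than the first fixed release.
def locked_version_vulnerable?(specs, target, fixed_version)
  specs.key?(target) && specs[target][:version] < Gem::Version.new(fixed_version)
end

# Dependents whose requirement on `target` excludes the fixed release. These are
# the gems that must be updated (or overridden, as with the git branch above)
# before `bundle update target` can resolve to a safe version.
def upgrade_blockers(specs, target, fixed_version)
  fixed = Gem::Version.new(fixed_version)
  reverse_dependencies(specs, target).reject do |name|
    specs[name][:deps][target].satisfied_by?(fixed)
  end
end

if __FILE__ == $PROGRAM_NAME
  specs = parse_lock_specs(SAMPLE_LOCK)
  fixed = '0.7.0' # placeholder cut-off; use the version named in the advisory
  puts "http locked at #{specs['http'][:version]}, vulnerable: #{locked_version_vulnerable?(specs, 'http', fixed)}"
  puts "gems depending on http: #{reverse_dependencies(specs, 'http').join(', ')}"
  puts "blocking an upgrade to >= #{fixed}: #{upgrade_blockers(specs, 'http', fixed).join(', ')}"
end
```

Run it against a real lock file with parse_lock_specs(File.read('Gemfile.lock')); twitter shows up as a blocker because its ~> 0.6.0 requirement excludes 0.7.0, which is exactly why the git override is needed.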

Project ERROR: Unknown module(s) in QT: webkitwidgets

Problem

You are trying to bundle install a Gemfile that includes the capybara-webkit gem on an Ubuntu system, but you get the following error:

ERROR:  Error installing capybara-webkit:
ERROR: Failed to build gem native extension.
Project ERROR: Unknown module(s) in QT: webkitwidgets

Solution

Recent Ubuntu releases ship Qt version 5 rather than 4, so to build the gem's native extension you need the Qt 5 WebKit development package:

sudo apt-get install libqt5webkit5-dev

minitest assert_routing with method included in path

Problem

When you use minitest's assert_routing with the first parameter given as a hash containing both the path and the method, Rails fails with a SyntaxError when the tests run.

Using it as suggested in the 'Rails 4 Test Prescriptions' Pragmatic Programmers book (p. 172, Minitest and Routing), i.e.:

assert_routing({ path: "/projects", method: "post" }, 
controller: "projects", action: "create")

the error is:

SyntaxError: 
/.../test/controllers/projects_controller_test.rb:12: 
syntax error, unexpected ',', expecting ')'
... '/projects', method: 'post' },  controller: 'projects', act...

even when trying to have the second parameter as a hash:

assert_routing({ path: "/projects", method: "post" }, 
{ controller: "projects", action: "create" })

the error is similar:

SyntaxError: 
/.../test/controllers/projects_controller_test.rb:12:
 syntax error, unexpected ',', expecting ')'
... '/projects', method: 'post' }, 
{ controller: 'projects', ac...

Solution

Wrapping each argument in its own set of parentheses works:

assert_routing ({ path: '/projects', method: 'post' }),
({ controller: 'projects', action: 'create' })

The underlying cause is whitespace between the method name and the opening parenthesis: Ruby reports exactly this error (unexpected ',', expecting ')') when it sees assert_routing (..., ...), because it parses the parenthesised text as a single grouped expression rather than as an argument list, and a comma inside a grouped expression is invalid. With no space before the parenthesis, the book's original form assert_routing({ ... }, controller: ..., action: ...) parses fine; the workaround above also works because each (...) is then an ordinary grouped expression containing one hash.
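A stand-alone reproduction of the parse behaviour, added here and not part of the original post or of Rails: routing_stub stands in for assert_routing and simply returns the arguments Ruby handed it, so the three spellings from this post can be compared without a Rails app.

```ruby
# Added example, not code from the original post: show what Ruby makes of the
# three spellings of the assert_routing call, with a stub in place of Rails.
def routing_stub(*args)
  args
end

# Evaluate one call expression. Returns the argument list the stub received,
# or the SyntaxError itself if Ruby could not parse the source at all.
def try_call(source)
  eval(source)
rescue SyntaxError => e
  e
end

# The only difference between the first two forms is the space before "(".
BOOK_FORM    = 'routing_stub({ path: "/projects", method: "post" }, controller: "projects", action: "create")'
SPACED_FORM  = 'routing_stub ({ path: "/projects", method: "post" }, controller: "projects", action: "create")'
GROUPED_FORM = 'routing_stub ({ path: "/projects", method: "post" }), ({ controller: "projects", action: "create" })'

if __FILE__ == $PROGRAM_NAME
  [BOOK_FORM, SPACED_FORM, GROUPED_FORM].each do |src|
    puts src
    puts "  => #{try_call(src).inspect}"
  end
end
```

Running it shows BOOK_FORM and GROUPED_FORM both delivering two hashes to the stub, while SPACED_FORM never reaches the method because parsing fails first; Ruby may also print a "(...) interpreted as grouped expression" warning for the spaced forms, which is a hint that the spacing is the problem.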

Upgrading jquery-ui-rails from 4.2.1 to 0.5.0

Problem

You would like to upgrade the jquery-ui-rails gem from a version before 0.5.x to the latest version, 0.5.0, but after doing so your tests fail with error messages similar to the one below:

ActionView::Template::Error: 
couldn't find file 'jquery.ui.effect-blind'

Solution

According to the jquery-ui-rails changelog, the asset file naming changed between 4.2.1 and 0.5.0.

So if you were using something like the following in app/assets/javascripts/application.js (as in the depot example of the Agile Web Development with Rails 4 book):

//= require jquery.ui.effect-blind

you would need to change it to the following after upgrading your jquery-ui-rails gem to ~> 0.5.0:

//= require jquery-ui/effect-blind

Upgrading from rspec-rails 2.x to rspec-rails 3.x

Problem

You would like to upgrade your Rails project from rspec-rails 2.x to the latest rspec-rails 3.x. According to the rspec-rails documentation, 3.x includes many breaking changes.

Solution

The full instructions for upgrading from rspec-rails 2.x to 3.x are here, but you may not need every step described there.
So you could try the following shorter sequence:

  • Run your rspec tests and make sure that they all pass
  • Upgrade your rspec-rails to the version 2.99 provided by the rspec-rails team
  • Run your rspec tests again; you should now see deprecation warnings. Usually they consist of:
    rspec-rails 3 will no longer automatically infer an
    example group's spec type from the file location.
    You can explicitly opt-in to this feature using
    this snippet:

    RSpec.configure do |config|
      config.infer_spec_type_from_file_location!
    end

    which you can add to your spec/spec_helper.rb file

  • Run your rspec tests again; this time there should be no deprecation warnings
  • If they all pass, upgrade to the latest rspec-rails (i.e. 3.0.1)
  • Run your rspec tests again; this time you should normally get one deprecation warning:
    Requiring `rspec/autorun` when running RSpec via the `rspec`
    command is deprecated.
    Called from /xxx/xx/lib/active_support/dependencies.rb:247:
    in `require'.
  • Delete the line require 'rspec/autorun' from your spec/spec_helper.rb file
  • Rerun your tests; they should all pass under rspec-rails 3.x now

bin/rails:6: warning: already initialized constant APP_PATH

Problem

You are getting the warning:

bin/rails:6: warning: already initialized constant APP_PATH

when you try to start the local web server with rails s.

Solution

That happens when you are using the anjlab-bootstrap-rails gem with the require name misspelt, as in:

gem 'anjlab-bootstrap-rails', require: 'bootstrap_rails'

The value passed to require: must be bootstrap-rails, with a dash and NOT an underscore.
So if you write the gem line as follows:

gem 'anjlab-bootstrap-rails', require: 'bootstrap-rails'

and restart your server, the warning should no longer appear.

Find out the status of rails application migrations

Problem

You would like to know, at any moment, the status of your migrations: which have been applied, which have been rolled back, and so on.

Solution

There is a very useful rake task that lists your migrations and their state without having to look at your schema.rb file (which only records the final schema and the latest version applied, not which migrations are down):

rake db:migrate:status

Status   Migration ID    Migration Name
--------------------------------------------------
   up     20140528102449  Create products
   up     20140613150126  Create carts
   up     20140613151119  Create line items
   up     20140617215027  Add quantity to line items
   up     20140617220031  Combine items in cart
   up     20140620131542  Create orders
   up     20140620131605  Add order to line item
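The task is a comparison between the files in db/migrate and the versions recorded in the schema_migrations table. The following is an added example (not from the original post or from Rails) that performs that comparison in plain Ruby on constructed inputs, so the same logic can be reused, for instance in a deploy check that refuses to start an app with pending migrations. It also covers the case the rake task marks with "NO FILE": a version recorded in the database whose migration file no longer exists. The file list and applied versions are constructed for illustration.

```ruby
# Added example, not code from the original post: reproduce the up/down table
# that `rake db:migrate:status` prints, from a list of migration file names and
# the versions stored in schema_migrations. Inputs below are constructed.
MIGRATION_FILE = /\A(\d{3,})_([a-z0-9_]+)\.rb\z/

# Constructed sample: four migration files on disk ...
SAMPLE_FILES = %w[
  db/migrate/20140528102449_create_products.rb
  db/migrate/20140613150126_create_carts.rb
  db/migrate/20140613151119_create_line_items.rb
  db/migrate/20140617215027_add_quantity_to_line_items.rb
]
# ... and three versions in schema_migrations, one of which has no file any more.
SAMPLE_APPLIED = %w[20140528102449 20140613150126 20140101000000]

# Returns rows of [status, version, name], sorted by version, exactly the
# information the rake task prints. A version present in the database but not
# on disk is reported as "up" with the NO FILE marker, as the rake task does.
def migration_status(files, applied_versions)
  applied = applied_versions.map(&:to_s)
  rows = files.each_with_object([]) do |path, acc|
    m = MIGRATION_FILE.match(File.basename(path))
    next unless m # ignore anything that is not a migration file
    version, name = m.captures
    status = applied.include?(version) ? 'up' : 'down'
    acc << [status, version, name.tr('_', ' ').capitalize]
  end
  (applied - rows.map { |_, version, _| version }).each do |orphan|
    rows << ['up', orphan, '********** NO FILE **********']
  end
  rows.sort_by { |_, version, _| version }
end

# Versions that exist on disk but have not been applied: non-empty means
# `rake db:migrate` still has work to do.
def pending_migrations(files, applied_versions)
  migration_status(files, applied_versions).select { |status, _, _| status == 'down' }
                                           .map { |_, version, _| version }
end

# Render the rows in the layout the rake task uses.
def format_status(rows)
  lines = [format(' %-8s %-15s %s', 'Status', 'Migration ID', 'Migration Name'),
           '-' * 50]
  rows.each { |status, version, name| lines << format('   %-4s   %-15s %s', status, version, name) }
  lines.join("\n")
end

if __FILE__ == $PROGRAM_NAME
  puts format_status(migration_status(SAMPLE_FILES, SAMPLE_APPLIED))
  puts "pending: #{pending_migrations(SAMPLE_FILES, SAMPLE_APPLIED).join(', ')}"
end
```

In a real app the two inputs come from Dir['db/migrate/*.rb'] and ActiveRecord::Base.connection.select_values('SELECT version FROM schema_migrations').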

Rails 4 Application Development HOTSHOT review

A new book about Rails 4 development has recently been published by Packt, called Rails 4 Application Development HOTSHOT.

It can be described as a Ruby on Rails application cookbook. It focuses on what changed in Rails 4 and covers many current techniques and practices for developing Rails applications.

The book consists of 10 different projects, that can be used as the basis for further developing these applications.
The projects are:

  • Social Recipe-sharing Website
  • Conference and Event RSVP Management
  • Online Social Pinboard
  • Restaurant Menu Builder
  • Customisable CMS
  • Analytics Dashboard
  • API Mashup – Twitter and Google Maps
  • API only application
  • Video streaming website
  • Rails engines E-commerce

Each project presents different aspects of development, for example Twitter Bootstrap integration, Devise authentication and so on.

To conclude this short review: the book is recommended for Ruby on Rails developers with some previous experience, and it provides a starting point for quite a few interesting projects.

Upgrading and creating new virtualbox vagrant boxes from the standard precise32 box

Problem

You would like a current Ubuntu release in a VirtualBox Vagrant box, based on the official precise32 box, for example saucy32.

Solution

  • Build your first Vagrant box using the precise32 box
  • Install any packages that you need
  • Upgrade your distribution by doing the following:
    1. Make sure that the package update-manager-core is installed, and install it if it isn't:
      sudo apt-get install update-manager-core
    2. Change Prompt from lts to normal in the file /etc/update-manager/release-upgrades:
      sudo vi /etc/update-manager/release-upgrades
      Prompt=normal
    3. Upgrade to the next release:
      sudo do-release-upgrade -d
  • Each run moves forward one release only, so repeat the procedure until you reach the version you want
  • Change the hostname to the new release name, e.g. quantal32, in both files:
    sudo vi /etc/hostname
    sudo vi /etc/hosts
    quantal32
  • Log out of the box and package it:
    vagrant package --output /home/path_to_new/packagename.box
  • Add the box to the list of boxes under the name you want to use:
    vagrant box add quantal32 /home/path_to_new/packagename.box
  • You can now use the new box in a new project by referring to that name:

    vagrant init quantal32

Note that the repackaged box inherits precise32's well-known vagrant user password and the insecure Vagrant SSH key pair, so treat it as a development-only image and never expose it beyond your own machine.

Session secret should not be included in version control near line …

Problem

After running Brakeman against your Rails application to look for security issues, you get the following warning about the config/initializers/secret_token.rb file:

Session secret should not be included in version control near line xx

Solution

Since you may already have pushed the original secret_token.rb to version control, you may need to do the following. Keep in mind that removing the file from the working tree does not remove it from the repository's history: the old value stays in every clone and must be treated as compromised, so generating a new key (below) is the part that actually fixes the problem, and rotating it will invalidate existing sessions.

  • Make a copy of the file: cp config/initializers/secret_token.rb config/initializers/copy_of_secret_token.rb
  • Delete the original file that is also in version control: rm config/initializers/secret_token.rb
  • Add config/initializers/secret_token.rb to .gitignore
  • Commit your changes and push them: git commit -a -m "remove secret token and add it to .gitignore", then git push (origin master). If .gitignore was not already tracked, git add .gitignore first, since -a stages only tracked files.
  • Create a new secret key by running: rake secret
  • Copy the value from above into config/initializers/copy_of_secret_token.rb, replacing the original value of config.secret_key_base
  • Rename the file back to secret_token.rb: mv config/initializers/copy_of_secret_token.rb config/initializers/secret_token.rb
  • Check that the new file is not listed when you run: git status

The copy-and-rename steps are equivalent to git rm --cached config/initializers/secret_token.rb, which drops the file from the index while leaving it on disk.
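An alternative that removes the secret from the repository entirely, rather than ignoring a file that still sits in the checkout, is to read it from the environment at boot. The following is an added example (not from the original post or from the depot application): Depot::Application is assumed to be the depot app's application class, and the helper names, the placeholder heuristic and the 64-character minimum are this example's own choices, not Rails requirements.

```ruby
# Added example, not code from the original post: a config/initializers/secret_token.rb
# that takes secret_key_base from the environment instead of a value committed to
# git, and refuses to boot on a missing or obviously weak value.
require 'securerandom'

class SecretKeyError < StandardError; end

# Same construction as `rake secret`: 64 random bytes, hex encoded (128 characters).
def generate_secret_key_base
  SecureRandom.hex(64)
end

# Returns nil when `value` is acceptable, otherwise a message saying why not.
# The length floor and the placeholder patterns are this example's choices.
def secret_key_base_problem(value, min_length: 64)
  value = value.to_s
  return 'SECRET_KEY_BASE is not set; generate one with `rake secret` and export it' if value.empty?
  return "SECRET_KEY_BASE is too short (#{value.length} < #{min_length} characters)" if value.length < min_length
  # A single repeated character, or words people type into placeholders. A hex key
  # from `rake secret` can never match the word patterns (no h, n, g, s, t, x, ...).
  if value =~ /\A(.)\1*\z/ || value =~ /change|secret|todo|example/i
    return 'SECRET_KEY_BASE looks like a placeholder, not a random key'
  end
  nil
end

# Fetch and validate the key. `env` is injectable so the check can be exercised
# without touching the real process environment.
def fetch_secret_key_base(env = ENV)
  value = env['SECRET_KEY_BASE']
  problem = secret_key_base_problem(value)
  raise SecretKeyError, problem if problem
  value
end

# In the real initializer this assignment is the only line Rails needs; the guard
# keeps the file runnable on its own. Depot::Application is assumed (depot app).
if defined?(Depot::Application)
  Depot::Application.config.secret_key_base = fetch_secret_key_base
end
```

Failing closed matters here: if the variable is missing and the initializer silently fell back to a default, every deployment would share a guessable key and Brakeman's warning would be satisfied while the real problem remained.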