Beware of "nil" values in params
Recent rails security updates have shown that people make incorrect assumptions about the possible contents of the params hash.
Just don't make any! Treat it as what it is: potentially unsafe user input. For example:
/pages/edit?foo --> params == {:foo => nil}
/pages/edit?foo[] --> params == {:foo => [nil]} # at least in older rails 3 and in rails 2.x
Be especially wary about stuff like
User.find_by_password_reset_token(params[:password_reset_token])
If params[:password_reset_token] is nil, you'll retriev...
Jasmine: using async/await to write nice asynchronous specs
Jasmine has long standing support for writing asynchronous specs. In days gone by we used the done callback to achieve this, but these days it is possible to write much more readable specs.
Async specs
As a first example, say we want to check that some form disables the submit button while working.
// bad (how we used to do it)
beforeEach(() => {
this.form = setupMyForm()
this.submitButton = findTheSubmitButton()
})
it('disables the submit button while working', (done) => {
expect(this.submitButton.disabled).toBe(false)
...
Understanding Ruby's def keyword
This StackOverflow question about nested function definitions in Ruby imparts a good understanding of Ruby's def.
PostgreSQL: "WHERE NOT <column> = '<value>'" statements do not include NULL values
Sometimes we write plain SQL queries in migrations so we don't have to mock ActiveRecord classes. These two migrations do the same:
class Migration1 < ActiveRecord::Migration[5.2]
class User < ActiveRecord::Base; end
def up
add_column :users, :trashed, :boolean
User.update_all(trashed: false)
end
end
class Migration2 < ActiveRecord::Migration[5.2]
def up
add_column :users, :trashed, :boolean
update("UPDATE users SET trashed = #{quoted_false}")
end
end
The plain SQL migration is less code, but h...
Regular Expressions: Excessive backtracking can get yourself in trouble
Two weeks ago, Cloudflare was struck by a global outage that lasted ~30 minutes. The incident was rooted on a CPU exhaustion caused by a single regular expression containing some catastrophic backtracking Archive :
.*(?:.*=.*)
This is a small reminder do keep using the lazy operator ? whenever possible and furthermore be aware that regular expressions should not only be unit-tested but also evaluated in terms of performance. See <https://makandracards.com/makandra/494822-regul...
How to combine "change", "up", and "down" in a Rails migration
Rails migrations allow you to use a change method whose calls are automatically inverted for the down path. However, if you need to some path-specific logic (like SQL UPDATE statements) you can not define up and down methods at the same time.
If you were to define define all 3 of them, Rails would only run change and ignore up and down. However, Rails 4+ features a helper method called
reversible
Archive
:
class MyMigration < ActiveRecord::Migration
def...
Howto: Write a proper git commit message
Seven Rules
- Separate subject from body with a blank line
- Limit the subject line to 50 characters (max. 72)
- Capitalize the subject line
- Do not end the subject line with a period
- Use the imperative mood in the subject line
- Wrap the body at 72 characters
- Use the body to explain what and why vs. how
5. Use the imperative mood in the subject line (partially extracted)
If applied, this commit will your subject line here
Good:
- If applied, this commit will refactor subsystem X for readability
- If applie...
Deployment: Merge consecutive commits without cherry-picking
You want to deploy new features but the latest commits are not ready for production? Then use git merge master~n to skip the n-last commits.
Tip
A big advantage of merging vs. cherry-picking is that cherry-picking will create copies of all picked commits. When you eventually do merge the branch after cherry-picking, you will have duplicate commit messages in your history.
Example
It's time for a production deployment!
git log --pretty=format:"%h - %s" --reverse origin/production..origin/master
0e6ab39f - Feature A
6396...
RubyMine users: you should be using bookmarks
RubyMine allows bookmarking lines of code. This is super-helpful when working on a complex problem.
I've been using this feature for a few years now, and so should you! :)
Here are the default Linux/Windows keystrokes. See the documentation Archive for other keybindings.
Add an anonymous bookmark
F11
A gray checkmark will be shown in the gutter on the left.
If you press F11 again on a bookmarked line, the bookmark will be removed.
Add a named bookmark ("mnemonic")
Ctrl ...
Documenting your Rails project's Node.js version in .nvmrc
Not all versions of Node.js are compatible with each other. Also npm packages may require a minimum or maximum version of Node.js. We use nvm on our development PCs so we can operate multiple versions of Node.js in parallel.
To make sure that all developers use a compatible version of Node.js, your Rails project should declare the required Node.js in a file called .nvmrc.
When a .nvmrc exists, developers can cd in your project directory and activate...
skorks/nesty
Nested exceptions for Ruby:
When you rescue an error and then re-raise your own, you don't have to lose track of what actually occured, you can keep/nest the old error in your own and the stacktrace will reflect the cause of the original error.
This is awesome when you classes convert exception classes. I now always subclass Nesty::NestedStandardError instead of StandardError for my own error classes.
About Exception#cause
Ruby 2.1 has a built-in mechanism with Exception#cause, which serves a similiar purpos...
Capybara: Finding invisible elements and how to test that an element is not visible
When Capybara locates elements in the DOM, by default it allows only accessing visible elements -- when you are using a driver that supports it (e.g. Selenium, not the default Rack::Test driver).
Consider the following HTML:
<div class="test1">One<div>
<div class="test2">Two</div>
With some CSS:
.test1 { display: block }
.test2 { display: none }
We will be using Capybara's find below, but this applies to any Capybara finder methods.
Default: visible: :visible or visible: true
As described above, by defa...
Rails: When to use :inverse_of in has_many, has_one or belongs_to associations
When you have two models in a has_many, has_one or belongs_to association, the :inverse_of option in Rails tells ActiveRecord that they're two sides of the same association.
Example with a has_many / belongs_to association:
class Forum < ActiveRecord::Base
has_many :posts, inverse_of: :forum
end
class Post < ActiveRecord::Base
belongs_to :forum, inverse_of: :posts
end
Knowing the other side of the same association Rails can optimize object loading so forum and forum.posts[0].forum will reference the same objec...
Configuring ActionMailer host and protocol for URL generation
When you generate a URL in a mailer view, ActionMailer will raise an error unless you previously configured it which hostname to use. Configuring the correct hostname is quite annoying when you have multiple deployment targets with different hostnames, e.g. a staging server and a production server.
Dynamic solution when mail is delivered from request cycle
Using the hack below you don't need to configure a default hostname for your mailers. They will always use the hostname for the current request:
class ApplicationController < Ac...
Traverse an ActiveRecord relation along an association
The
Edge Rider gem
Archive
gives your relations a method #traverse_association which
returns a new relation by "pivoting" around a named association.
Say we have a Post model and each Post belongs to an author:
class Post < ActiveRecord::Base
belongs_to :author
end
To turn a relation of posts into a relation of its authors:
posts = Post.where(:archived => false)
authors = posts.traverse_association(:author)
You can traverse multiple associations in a single call.
E.g. t...