As I work my way through it, I found myself eager to make my own notes, which are what you are reading this very moment. My intention was for these notes to serve as a sort of cheat-sheet as I built my own rails apps, but I find myself documenting ugly issues as they arise, as well as making comments of my own on rails topics.
Before you get started, consider doing a multi-terminal setup like I do to make you live more civilized jumping between the MVC directories (and others).
And I will make another up-front suggestion. The author drags you kicking and screaming into TDD (Test Driven Development), not to mention version control. I strongly recommend ignoring all the TDD material on the first time through the tutorial. TDD occupies over half of the tutorial and frankly gets in the way of learning rails. It is too much to ask of the student to be climbing all these learning curves in parallel. You absolutely can do rails without TDD and version control (just like you can do any software project without them). The continuity of rails learning experience is really disrupted by all the TDD material.
What I recommend is making two passes through the tutorial. The first time just do the rails stuff and ignore git and TDD. Then make a second pass and add the others, if you like. You are in charge as the student after all. I honestly think that this would greatly improve the rails learning experience. I will wager the author contemplated this, but said something like: "Yeah, but the lazy scumbags will never come back and do the second pass". Not all of us eat our daily portions of fruits and vegetables either. Actually he probably didn't say exactly that -- he seems like a nice guy for the most part.
A link to my heroku demo: My demo app at heroku.
Another side note - when I first started the tutorial I found that the tutorial site itself "locked up" now and then. I suspect javascript bugs in the site itself, in fact firebug complained about some fishy JSON business. All this seemed to get fixed and get better later, and a reload was usually sufficient to fix things.
As near as I can tell, the goal in Chapter 1 is just to get you to install and try out all the bits and pieces you will be needing to get through the rest of the tutorial. Even though I already was running rails on the machine I intended to use for the tutorial, I hit a number of serious snags. I am sure that at the time the tutorial was written, the author did all this on his system, with his set of packages, and this all worked. At least I hope so.
I am running a Fedora 17 linux system. Ruby 1.9.3 is installed along with Rails 3.2.6. I have Git already installed and have been using it for other things. I use vim already as my editor of choice. Since I will be using "vi", I need to mentally substitute "vi" for subl which is what the author uses as his editor of choice.
I decided to take the plunge and install RVM (the ruby version manager), as recommended. I merrily typed "yum install rvm" and there it was (or so I thought). However it turns out that the "rvm" package under fedora is actually something called the "recoverable virtual memory" library, not the ruby version manager.
So rvm and fedora is a knot yet to be untied. I am concerned about how rvm might interact with fedora RPM packages, gem packages, and all that. Perhaps someday.
I have gem 1.8.24, and he suggests freezing at this version via "gem update --system 1.8.24", but I don't. I place all the tutorial files into /u1/rails/tutorial (next to my current rails files, just to be tidy).
cd /u1/rails/tutorial rails new my_projectAs noted in the tutorial, app/assets is new (this is rails 3.2 after all) I edit the Gemfile to freeze package versions. The tutorial would like me to use rails 3.2.8, and I specify this in the Gemfile, then I must do bundle update (rather than bundle install), but it does bring in the newer version of rails, which is impressive.
When I type "rails server", it blows up looking for a javascript runtime (bummer). Something called Node.js is the recommended thing, but Fedora already has an existing package called "node" which contains a file /bin/node which would conflict with Node.js. No clue what the fedora "node" package is or does (and it is not installed on my system). There is a site that is unofficially supporting nodejs for Fedora:
I do this:yum localinstall --nogpgcheck http://nodejs.tchol.org/repocfg/amzn1/nodejs-stable-release.noarch.rpm yum install nodejs-compat-symlinks npmThis pulls in 33 dependent packages (a flock of nodejs packages as well as "v8").
And after this we can type "rails server" to get a demo server on localhost:3000. Great!
The tutorial dives into a nice introduction to the MVC (model/view/controller) concept in rails. I suppose at some point we will get a dose of propoganda about "REST" as well. Then we get a serious lesson about using git (which is fine by me since I am in transition from svn to git and I like git). I am going to bypass the business of using GitHub (so I can ignore the git remote add and git push commands in the tutorial).
Just so you know, git is a distributed version control system. This means that you always have a local repository that you add, commit, and checkout from. You may also have one (or none or several) remote repositories also. Quite different than SVN for example, but I like it a lot. Here is a cheatsheet of some git commands:
git init vi .gitignore git add . git commit -m "initial" git status git branch my_branch git commit -a -m "message" git checkout master git merge my_branch git branch -d my_branchThe final step in chapter 1 is deployment, which he does using a service called "Heroku". I am a total fan of what he says about deploying early and often. So, I set up an account on heroku, get the "toolbelt" (which goes to /usr/local/heroku), I set up a symbolic link from /usr/local/bin/heroku to /usr/local/heroku/bin/heroku (rather than putting the heroku bin directory on my path). Then I do heroku create -- which tells me:
Uploading SSH public key /home/tom/.ssh/id_dsa_cholla.pub... done Creating pure-forest-8703... done, stack is cedar http://pure-forest-8703.herokuapp.com/ | git@heroku.com:pure-forest-8703.git Git remote heroku addedThen I do "git push heroku master" and a lot of stuff happens, followed by the message:
! Detected sqlite3 gem which is not supported on Heroku. ! http://devcenter.heroku.com/articles/how-do-i-use-sqlite3-for-development ! ! Heroku push rejected, failed to compile Ruby/rails app To git@heroku.com:pure-forest-8703.gitWell, how about that!! The bottom line is that they recommend using: PostgreSQL and do not support sqlite3 (and they recommend against using sqlite3 for development and PostgreSQL for deployment).
Well, I think the best answer to this is to ignore their excellent recommendation (this is just a tutorial after all) and use sqlite3 for development and pOsTgReSQL for deployment. Basically following the advice along these lines given in:
What they say to do is to edit your Gemfile and replace the line:gem 'sqlite3'With this:
group :development, :test do gem 'sqlite3' end group :production do gem 'pg' endThen, once again type "bundle install --without production". What the --without production does is to allow you to avoid installing the pg gem on your local system. This would also involve you in installing pOSTgreSql, which would infuriate you just by the number of times you had to reach for your shift key.
After this, commit and push to heroku -- and it works!!
git commit -a -m "no sqlite3 on production" git push heroku master
And I can visit http://pure-forest-8703.herokuapp.com/ via my browser, and there is the app.
Only chapter 1 of the tutorial and we are already involved in several new and unexpected learning curves, and jumping through flaming hoops already! Rails has always been dynamic and exciting!
This chapter aims to lead the user through a quick application set up using scaffolding. I decided to use a different machine to work through this one (Also a Fedora 17 linux machine, but one that I have never installed rails on). Because of this, I have to repeat some steps from chapter one (as well as things I did long ago and forgot about).
yum install rubygem-railsThe install of rubygem-rails pulls in 30 packages, but gives me rails 3.0.11. To get the newer rails version as used in the tutorial, I do:
gem install railsThis pulls in version 3.2.8, which is great, and now I do "rails new demo_app" It blows up during the bundle install (while building json) with this message:
/usr/bin/ruby extconf.rb
mkmf.rb can't find header files for ruby at /usr/share/include/ruby.h
On a hunch, I do "yum install ruby-devel", then try again and I am OK.
Now I edit the Gemfile to lock down versions as instructed in the tutorial. It turns out I must have missed something in Chapter 1, as this has the changes to use PostGresql on the production site. After this:
bundle install --without productionWorks fine, I put things under git and procede to creating a user model by typing the command "rails generate scaffold User name:string email:string". (I note that this is new, rails will generate the database schema as part of the "generate" -- though this could quickly get cumbersome for anything complex). This blows up with "Could not find a JavaScript runtime", which we know about from Chapter 1. We install node.js for fedora via:
yum localinstall --nogpgcheck http://nodejs.tchol.org/repocfg/amzn1/nodejs-stable-release.noarch.rpm yum install nodejs-compat-symlinks npm(It is handy to keep a root window open for all of this kind of thing, I never use sudo). When this finishes, I repeat the command (it works now) and "migrate the database", whatever the heck that means (the tutorial doesn't explain and tells me that it might give me a clue in chapter 6).
rails generate scaffold User name:string email:string bundle exec rake db:migrate rails serverAnd indeed, after this I have my useless application talking to firefox at localhost:3000 -- Great! Note that running rake, prefixed by "bundle exec" ensures that the same gem package set is used by rake as has been selected for the application. Things aren't as nice as they seem though. As soon as I try to visit "/users" as instructed, I get this:
ExecJS::RuntimeError in Users#index Showing /u1/rails/tutorial/demo_app/app/views/layouts/application.html.erb where line #6 raised: nodejs: symbol lookup error: nodejs: undefined symbol: _ZN2v82V837AdjustAmountOfExternalAllocatedMemoryEi line #6 is: <%= javascript_include_tag "application" %>Apparently this is some kind of Node.js bug (and some google searching on the symbol lookup error yields a lot of information). The bug is reputed to be in the "v8" package - v8 is the javascript engine from Google. My evidence indicates that it is in Node.js itself (see below). One could complain about Google (they have a dubious reputation in the developer community), or one could complain about Rails dragging in every package besides the kitchen sink. The fix is apparently to get "v8" (and node.js) from a different repository. The buggy version of v8 I now have is from fedora-updates. The recommendation is to remove it, add the nodejs-stable repository, make sure v8 will not get installed from "updates" and reinstall. To ensure that v8 doesn't get pulled from fedora-updates, add the line "exclude=v8*" to the [updates] section of that repo control file.
yum -y remove v8 edit /etc/yum.repos.d/fedora-updates.repo and exclude "v8" yum localinstall --nogpgcheck http://nodejs.tchol.org/repocfg/fedora/nodejs-stable-release.noarch.rpm yum install npmThis seems to fix things, although I note that v8 gets installed from the "fedora" repository, not the nodejs-stable repository. I am content that things work, although I might feel better by adding the exclude=v8* line to the fedora.repo file as well and repeating this process. Actually I tried this, and it caused other problems with broken package dependencies, so go with what works.
I will also note that this is probably (hopefully) a transitory situation. As fedora packages get updated, the buggy node.js packages will get replaced by less buggy versions, new bugs will appear elsewhere, and so forth.
The tutorial now launches into some more discussion of MVC (it passed over "CRUD" - Create, Read, Update, Delete), though it did mention the list of database operations without the acronym. The tutorial gets five gold stars for discussing rails routing (which often does not get mentioned because it doesn't fit neatly into the MVC scheme and embarrases purists, or something like that). There is a brief mention of the all-too-popular "REST" acronym (Representational State Transfer), though without any useful discussion of what it is or why we should worry about it. And then the tutorial moves on to adding a Micropost "resource".
rails generate scaffold Micropost content:string user_id:integer bundle exec rake db:migrateAlthough the tutorial doesn't come right out and say it, it presents tables that show how the four http actions "POST, GET, PUT, and DELETE" along with URL's are mapped to controller actions by the rails routing code.
Note that while the database table (resource) is named "Micropost", the controller actions and URL's use the name "microposts". This is a standard rails convention. The tutorial goes on to introduce data validation and many to one mapping:
validates :content, :length => { :maximum => 140 }
has_many :microposts
belongs_to :user
When I try to run "rails console", I get:
/usr/local/share/gems/gems/activesupport-3.2.8/lib/active_support/dependencies.rb:251:in `require': cannot load such file -- minitest/unit (LoadError)Once again, google to the rescue. Apparently this is a fedora specific issue. The brute force fix is to add minitest to the Gemfile (so they say). But with Ruby 1.9 this should not be necessary as minitest is now part of the standard ruby library, there is just some fedora specific brain-damage that is causing this problem. See this discussion. As someone in the discussion says, "And people wonder why nobody uses the system package managers when installing Ruby..." I add the line "gem "minitest" to my Gemfile, run "bundle install --without production" and I can run "rails console", which suits me, see the discussion for other possible "cleaner" solutions.
And now, I would like to "deploy" from my home machine, so I need to get the heroku "thing" going on my home machine:
su wget -qO- https://toolbelt.heroku.com/install-other.sh | sh cd /usr/local/bin ln -s /usr/local/heroku/bin/heroku . heroku keys:add git remote add heroku git@heroku.com:pure-forest-8703.git git push heroku master heroku run rake db:migrateThe above push fails because the git repository at heroku holds to project from chapter one, and it makes no sense to just pushd the entirely different chapter two repository onto it, what I need to do is just nuke the repository at heroku and start over. We will get to that, but here are some nice heroku links: I will note that the "thin" webserver is recommended over the default "webrick" on heroku. You can switch to it via the following lines in the Gemfile:
group :production do gem 'thin' endI actually switched to it for everything and like it better, it starts much faster than webrick.
I will note that my app on heroku is using the generated name "pure-forest-8703", so I can do things like:
heroku info --app pure-forest-8703 === pure-forest-8703 Addons: heroku-postgresql:dev Git URL: git@heroku.com:pure-forest-8703.git Owner Email: ---@--- Repo Size: 6M Slug Size: 9M Stack: cedar Web URL: http://pure-forest-8703.herokuapp.com/The magic to force my new git repository on top of the old one is to add a plus sign in front of master, as follows:
git push heroku +masterProbably it would be better at some point to just destroy the application on heroku and start fresh. Looking ahead to chapter 3, it would seem that we will be starting over fresh there anyway, so we will start fresh with Heroku then.
A final question: where is the sqlite3 database file? As near as I can tell, this is simple, it is a single fine at db/development.sqlite3 Of course the deployment database is something different, a pOSTgresQl thing.
heroku destroy pure-forest-8703 --confirm pure-forest-8703This chapter promises to get us involved in automated testing. The verb "to refactor" is defined (it means to change the form of code without changing its function -- something I do all the time without putting a fancy name on it).
rails new sample_app --skip-test-unit edit Gemfile (see below) bundle install --without production rails generate rspec:install git init git add . git commit -m "get started" heroku create git push heroku masterI edit the Gemfile to lock versions (and I skip ahead and add all the gems as they hint that I might want to do as per chapter 9). I see my old friend will_paginate from a previous project. I also add "use 'thin'" since I found I like it better than "webrick" (not only do I like it better, but it doesn't have a ridiculous name). I also include the 'minitest' gem to get around the Fedora issue I tripped over in Chapter 2. It tells me I am using thin 1.5.0 (and minitest 4.1.0) and the bundle install goes cleanly.
gem 'thin' gem 'minitest'
My application is now called: sheltered-beach-2619.
I can use "git push heroku" whenever I feel good about things
(and let heroku be both my git remote repository and deployment site).
The command "heroku logs" can be useful in case of trouble.
All this is going entirely smoothly (knock on wood).
And now they are teaching me a new trick! I can type "vi ." and open a directory in vi, then use vi to navigate around the directory tree. I have done this now and then by accident, but never realized it could be useful. Given that when editing rails code you are always jumping from view to controller to model, this could be very nice.
After creating a static "hello.html" in public as directed, I make a git branch:
git checkout -b static-pages rails generate controller StaticPages home help --no-test-frameworkAnd I get to learn some new lingo (CamelCase and snake_case) for some conventions for typing names that I have used for years, but never knew there were names for. Isn't this tutorial great! And I learn that by substituting (with some care) the word "destroy" for "generate", I can undo things done by rails generation (which can involve many files). Nice to know if I want to change the name of a model or controller sometime. The word "rollback" also reverses a database "migrate". Nice to know, but I will appreciate it more when I understand what a migration is -- probably.
And a lesson on "REST" (the tutorial feeds this to us a bit at a time, lest we choke). The classic database CRUD actions map to HTML verbs as follows (more or less, kinda):
C - Create http "post" R - Read http "get" U - Update http "put" D - Delete http "delete"The way rails controllers work, is that when an action is being handled, first the method with the same name as the action in the controller is executed (for a static page this will usually be a stub method), then the view is rendered. For an action like "home" the view will be home.html.erb
git config --global user.name "Tom Trebisky" git config --global user.email tom@mmto.org git add . git commit -m "add static pages controller" git push heroku rails generate integration_test static_pages edit spec/requests/static_pages_spec.rb as described bundle exec rspec spec/requests/static_pages_spec.rb edit config/routes.rb edit app/controllers/static_pages_controller.rb create app/views/static_pages/about.html.erb
Now we dive into test driven development, learning about RSpec, Capybara, and down the road Cucumber. Amazing names (I like them much better than "webrick", excepting maybe RSpec which kinda falls flat). Along with passing tests, when I run "rails server", I can use URL's like: http://localhost:3000/static_pages/about.html
Heroku is not with me though. When I do "git push heroku", I keep getting "Everything up-to-date", which is bogus. I suspect this has something to do with branching (heroku is up to date with the master branch). I do this and it works. Heroku even starts up my new application version. I am told that Heroku will try to start the application in a new "dyno" (virtual cloud machine) first, and only switch to it if it starts properly. If it fails to start, the prior version of the application continues to run as if nothing happened.
git checkout master git merge static-pages git push heroku git checkout static-pagesThe above sequence does the trick. I switch to the master branch, merge in my changes, send them to heroku, and switch back to the static-pages branch for further work.
The chapter winds up with a discussion of "erb" (embedded ruby) and the methods "provide" and "yield". The advanced setup section though discusses "Guard" and "Spork" (more cool names) and automated testing, and ways to eliminate having to type "bundle exec" by using rvm. More than I have energy for today.
I was able to go through this pretty quickly, since I am already a veteran ruby programmer. But it is indeed worth going through, even for veterans. If nothing else I picked up the new Ruby 1.9 hash idiom of "key: value".
The tutorial adds an application helper module using more embedded ruby. A fair bit of hands on fiddling with the rails console to illustrate ruby concepts, and then on to:
The lesson now involves augmenting the layout using stylesheets, and in particular a thing called Bootstrap that was first invented for use with twitter. We also get to learn about something called sass which stands for "Syntactically Awesome Style Sheets", and claims to "make CSS fun again". Was it ever fun? Looks like we don't just get a rails tutorial, but we get to learn about everything but the kitchen sink (Can't we just learn rails without getting into stylesheets and server side javascript via Node, etc. etc. ?) Reminds me of a far-side comic where a guy is in the dentist chair with a dozen things in his mouth, and the doctor is holding a tennis ball, and says: "hope you don't mind, but we have a bet going on whether we can get this in there too".
We learn the trick/convention of using "#" as a target URL that has not been filled in yet. And then we learn (or rote copy) a lot of CSS and Bootstrap savvy markup. We learn about partials to augment and clean up views.
Rails assets consist of the off-to-the-side stuff like CSS, Javascript, and images. Now there is an official place to put this stuff. It used to have an official place (under public) and can still go there, but now there are 3 places: app/assets, lib/assets, and vendor/assets. A gem called "sprockets" now treats special css comments in a way that allows "master" css files to be "manifest files" that include all the others. Rails also recognizes several official file extensions to trigger preprocessors (.erb for embedded ruby, .scss for sass, and .coffee for coffeescript (whatever it is). Part of the game here is optimization. A collection of developer friendly files get lumped together into one file to be efficiently sent to the browser.
Sass adds a number of things to make CSS more pleasant. The tutorials discusses mixins, variables, and nesting via sass. We learn that we can replace "static_pages/about' with about_path (depending on the information in routes.rb). Lines like this:
match '/help', to: 'static_pages#help' root to: 'static_pages#home'Define help_path and help_url (as well as root_path and root_url) as handy by-products.
After all of this, the demo application appears at localhost:3000 without needing to include "static_pages" in the URL. Then we learn to clean up our rspec files and move on to creating a user controller.
rails generate controller Users new --no-test-framework rails generate integration_test user_pages bundle exec rspec spec/requests bundle exec rspec spec git commit -am "xxx" git checkout master git merge this_branch git push herokuThis gives us a user controller with a new action (which will fiddle routes.rb to be located at /signup).
We also delete public/index.html
It all was smooth until I deployed to Heroku. The application starts, but on the first access, it blows up with (Missing partial layouts/shim). It turns out this was some kind of mischief with git (none of the partials had been commited).
Finally - this tutorial gets to creating a model and a database. It turns out "migrations" are the rails way of setting up (and making changes to) the database structure; something I have always done outside of rails using MySQL scripts and other ugly business. I much like the idea of not dealing with SQL directly, as well as not caring if SQLite or MySQL is behind my rails project (I am going with SQLite for the first time while following this tutorial and am liking it).
git checkout -b user-model rails generate model User name:string email:string bundle exec rake db:migrateThe migration creates the user table with 3 automatically generated columns. The "id" field that rails expects is generated, along with two timestamps (created_at and updated_at), which is nice. The database itself is at: db/development.sqlite3.
The tutorial next instructs me to run the sqlite browser, which I do not have by default on my machine, and which does not appear to be available as an RPM for Fedora. So I need to build it, which is OK I guess:
yum groupinstall 'KDE Software Development' download source tarball tar xvf sqlitebrowser_200_b1_src.tar.gz cd trunk/sqlitebrowser qmake makeIt is based on the C++ "qt" libraries, which is why I need the KDE development bundle. I also fetch the source tarball sqlitebrowser_200_b1_src.tar.gz. The tarball contains "trunk/sqlitebrowser". My system does not have qmake, even after installing the KDE bundle, and I tend to loathe any software that does not just use vanilla make, so I am abandoning this for now at least. I may also need the sqlite-devel packages (or is it sqlite3-devel?).
As instructed, I add the annotate gem to my Gemfile and run "bundle install". This allows me to do:
bundle exec annotateThis does not get automatically done when you change the model and do migrations, you have to remember to run it whenever you do a migration that changes the model structure.
The tutorial discusses how to avoid a mass assignment security hole. Then we dive into playing with the model using the rails console, which goes just as the tutorial says it should. I note that when you destroy and then create, the destroyed id does not get recycled -- a find on that id will yield a RecordNotFound exception. The console is handy for exploring the ActiveRecord API, and when run with --sandbox you are guaranteed not to alter the database.
Now we are on to validations (for presence, length, format, uniqueness, and confirmation).
After editing spec/models/user_spec.rb it is necessary to:
bundle exec rake db:test:prepare bundle exec rspec spec/What this does is to initialize the test database from the development database prior to running tests. After monkeying around adding a number of validations, the tutorial discusses a uniqueness scenario that can only be solved at the database level, and this involves modifying the database by creating a migration. The modification is to add an index to the email column, which has the important side benefit (apart from enforcing uniqueness) of avoiding full table scans each time we do a lookup by email address.
rails generate migration add_index_to_users_email edit db/migrate/xxx_add_index_to_users_email bundle exec rake db:migrate
The final thing is to add a password feature, leveraging the rails "has_secure_password" functionality. To do this, a column with the mandatory name "password_digest" needs to be added to the database (model). Note that there are virtual attributes "password" and "password_confirmation" that hold the plaintext passwords, but they never get saved to the model. Also these are automatically generated by has_secure_password
rails generate migration add_password_digest_to_users password_digest:string bundle exec rake db:migrate bundle exec rake db:test:prepare
Done with chapter 6. This is the meat and potatoes I have been waiting for. This chapter got me up to speed with migrations (which are great). When done, we have a working model with validations and password authentication. What we are dying to see is the form to set up new users from the web, as well as the controller code to handle users signing in. This will come along in Chapter 7 and following.
Now things start getting interesting as we start building forms that can add stuff to our database. Just for the record, Rails has a "rails" object, with interesting attributes like an "env" hash. Also note that "heroku run console" will give you a rails console on heroku for your production server.
Next we add one line (and comment out another) in routes.rb:
#get "users/new" resources :usersAnd we get a diatribe on "REST", and I get a chance to grind an axe. Every rails book and resource I read on one hand dismisses REST as a complex topic that is too deep to delve into. My take on this is that most rails writers don't have a clue what it is all about. My take goes even further that it is mostly a bunch of smoke and mirrors wrapped around basic concepts we all know and take for granted. After telling us how complex and impossible to understand it is, they then tell us that it is the only way to do things, will feed the starving millions, right all wrongs, wax our car, etc. etc. I grow weary and irritated, and I go beyond that when I find some rails writer scolding the use of non-REST-ful practices. The fabricated word / bad pun makes me nauseous, or nauseated, or maybe both. As if MVC dogma wasn't bad enough, we have REST on top of it. Just show me how to get things done without making it all a pain in the a$$ and I'll be convinced.
Anyway, the new "resources" in the routes.rb file gives us a whole flock of useful actions as a package deal, which I can like. And we create the file app/views/users/show.html.erb with a single line, and then load up the @user variable in app/controllers/users_controller.rb and voila -- show/1 works!
With us feeling good about this bit of success, we dive back into TDD, and will learn about something called "factories" which apparently will load users into the database, which can then be tested. In fact a gem with the entertaining name "factory_girl_rails" will save the day. And we add a users_helper to inject a "gravatar" image for each user. We further dress up the user "show" page using CSS.
Now the real deal: a form to generate new user entries! The following two lines flush out any junk we have previously loaded into the database. The second line may not be needed (and I skipped it).
bundle exec rake db:reset bundle exec rake db:test:prepareIn the TDD world, Capybara augments Rspec and allows tests to simulate filling in forms, including clicking on buttons. A bunch of new stuff goes into spec/requests/user_pages_spec.rb and the form itself is built with the help of the "form_for(:user)" method in app/views/users/new.html.erb and we add the line "@user = User.new" to the new method in the user controller. There is some nice discussion about forms and how they ultimately yield a POST action to /users - which will end up looking for a create method in the user controller. A partial called app/views/shared/_error_messages.html.erb handles the display of error messages when a form is rejected. The pluralize method is a nice thing I have always wished for to avoid things like "you have 1 errors".
The style sheet keeps growing and growing ...
And then we get to the subject of the rails flash, along with a bogus statement that "the flash, which operates like flash memory in that it stores its data temporarily". Sorry Michael, but flash memory will store its data forever (until new data is written) and in no way does it act like a rails flash. Anyway, a bit of code in app/views/layouts/application.html.erb allows the contents of the flash to displayed as needed (the flash gets displayed once, then goes away). Once this is done, we can add lines like this:
flash[:success] = "Welcome to the Sample App!"which is just what we do in the user controller create action.
To use SSL in production (which would be reasonable to do to avoid session hijacking and to allow secure password transmission), you add one line to config/environments/production.rb
# Force all access to the app over SSL, use Strict-Transport-Security, # and use secure cookies. config.force_ssl = true
The first topic is implementing sessions via cookies. And the whole business is discussed as being within a "RESTful" framework, making clear to me what I have suspected all along, namely that the rails community is clueless about what REST is. They are using words like "RESTful" in their own peculiar way, and it will serve us well to figure out what that is, entirely apart from what REST itself is. (cookies are the most notorious violation of REST principles on the web, not that I care personally, but ...).
rails generate controller Sessions --no-test-framework rails generate integration_test authentication_pagesThen we add routing to new/create and destroy (a subset of the usual REST actions). We add new, create, and destroy stub methods to the new session controller. We add a view for new and we can pass the first round of tests.
Now we create a form by hand (in the sessions/new view), whereas for users, it was basically built for us from the model (we have no sessions model).
And now we see a violation of the MVC paradigm as a view helper needs to be available to a controller. So, don't feel bad if to get the job done your work doesn't fit neatly into the MVC scheme. The tutorial discusses one option (storing the user ID in a cookie that expires after the browser session is done), but then opts for another option, namely storing a "remember_token" in the user database. This means that sessions persist forever (until the user explicitly signs out), but also means we get to modify and migrate the user table.
rails generate migration add_remember_token_to_users -- edit migration file bundle exec rake db:migrate bundle exec rake db:test:prepare bundle exec rspec spec/models/user_spec.rbNote that the migration file needs to be edited to add the new column and index.
We then add a private method "create_remember_token" to the user model and set up a before_save callback to it to generate the user token. We add the sign_in method to the file app/helpers/sessions_helper.rb.
I find it ironic to find the following quote: "much of the elegance of Rails ultimately derives from the malleability of the underlying Ruby language." All this in the midst of rails being opinionated software. Well, the rails developers are a bunch of hypocrites, what can we say.Note that without site-wide SSL, using tokens stored in a cookie would make us vulnerable to session hijacking via a replay attack.
We add a current_user() and current_user=() method to the session_helper.rb file, and are exposed to a ruby idiom "a ||= b", which sets to value of a only if it is nil.
We have to add bootstrap to app/assets/javascripts/application.js Now things are more or less working, but any users currently in the database do not have remember tokens set. We use the rails console to fix this. I only had one user in my database, so I could do:
User.first.save(validate: false)With more than one user, you might need to do:
User.all.each { |user| user.save(validate: false) }
To view cookies under firefox, right click on the website, then select "view page info", select the Permissions tab and click the view cookies button.
Signout blows up with a missing template for sessions/destroy -- this is fixed by this method in sessions_controller.rb (this involves adding a sign_out method alongside sign_in in app/helpers/sessions_helper.rb).
def destroy
sign_out
redirect_to root_url
end
The final section in chapter 8 introduces "cucumber", which is an alternate way to write
tests in a very human readable language (called gherkin).
The tutorial is moving along much faster and more nicely now that I have a rational way of hopping around in the rails directory structure.
We add tests, then an edit action to the users controller. Note that when we run tests with the "-e" switch as follows:
bundle exec rspec spec/requests/user_pages_spec.rb -e "edit page"We get an error "Unknown switches '-e'", so clearly the tutorial is out of synch with this aspect of the current rails.
The tutorial describes a subtle issue. The same form_for(@user) is used to edit the user as is used to create a new user. Yet the create form asks for a plain old POST for the create, but fakes a PUT for the edit. It does this dynamically by detecting whether or not the record exists using the new_record? boolean method in ActiveRecord, which is cool.
After adding the user edit form, we move on to authorization. Authentication is deciding if a user is who he says he is, authorization is limiting what an authenticated user can do. Now that I have added the sign_in(user) method to spec/support/utilities.rb I am getting the error: