Active Record attributes API is used by Rails internally for a long time. InRails 5 release, attributes API was made public and allowed support for customtypes.

What is attribute API?

Attribute API converts the attribute value to an appropriate Ruby type. Here ishow the syntax looks like.

attribute(name, cast_type, options)

The first argument is the name of the attribute and the second argument is thecast type. Cast type can be string, integer or custom type object.

# db/schema.rbcreate_table :movie_tickets, force: true do |t|  t.float :priceend# without attribute APIclass MovieTicket < ActiveRecord::Baseendmovie_ticket = MovieTicket.new(price: 145.40)movie_ticket.save!movie_ticket.price   # => Float(145.40)# with attribute APIclass MovieTicket < ActiveRecord::Base  attribute :price, :integerendmovie_ticket.price   # => 145

Before using attribute API, movie ticket price was a float value, but afterapplying attribute on price, the price value was typecast as integer.

The database still stores the price as float and this conversion happens only inRuby land.

Now, we will typecast movie release_date from datetime to date type.

# db/schema.rbcreate_table :movies, force: true do |t|  t.datetime :release_dateendclass Movie < ActiveRecord::Base  attribute :release_date, :dateendmovie.release_date # => Thu, 01 Mar 2018

We can also add default value for an attribute.

# db/schema.rbcreate_table :movies, force: true do |t|  t.string :license_number, :stringendclass Movie < ActiveRecord::Base  attribute :license_number,            :string,            default: "IN00#{Date.current.strftime('%Y%m%d')}00#{rand(100)}"end# without attribute API with default value on license numberMovie.new.license_number  # => nil# with attribute API with default value on license numberMovie.new.license_number  # => "IN00201805250068"

Custom Types

Let's say we want the people to rate a movie in percentage. Traditionally, wewould do something like this.

class MovieRating < ActiveRecord::Base  TOTAL_STARS = 5  before_save :convert_percent_rating_to_stars  def convert_percent_rating_to_stars    rating_in_percentage = value.gsub(/\%/, '').to_f    self.rating = (rating_in_percentage * TOTAL_STARS) / 100  endend

With attributes API we can create a custom type which will be responsible tocast to percentage rating to number of stars.

We have to define the cast method in the custom type class which casts thegiven value to the expected output.

# db/schema.rbcreate_table :movie_ratings, force: true do |t|  t.integer :ratingend# app/types/star_rating_type.rbclass StarRatingType < ActiveRecord::Type::Integer  TOTAL_STARS = 5  def cast(value)    if value.present? && !value.kind_of?(Integer)      rating_in_percentage = value.gsub(/\%/, '').to_i      star_rating = (rating_in_percentage * TOTAL_STARS) / 100      super(star_rating)    else      super    end  endend# config/initializers/types.rbActiveRecord::Type.register(:star_rating, StarRatingType)# app/models/movie.rbclass MovieRating < ActiveRecord::Base  attribute :rating, :star_ratingend

Querying

The attributes API also supports where clause. Query will be converted to SQLby calling serialize method on the type object.

class StarRatingType < ActiveRecord::Type::Integer  TOTAL_STARS = 5  def serialize(value)    if value.present? && !value.kind_of?(Integer)      rating_in_percentage = value.gsub(/\%/, '').to_i      star_rating = (rating_in_percentage * TOTAL_STARS) / 100      super(star_rating)    else      super    end  endend# Add new movie rating with rating as 25.6%.# So the movie rating in star will be 1 of 5 stars.movie_rating = MovieRating.new(rating: "25.6%")movie_rating.save!movie_rating.rating   # => 1# Querying with rating in percentage 25.6%MovieRating.where(rating: "25.6%")# => #<ActiveRecord::Relation [#<MovieRating id: 1000, rating: 1 ... >]>

In Rails 5, we can go a step further and createthread specific class or module level variables.

Here is an example which demonstrates an example on how to use it.

module CurrentScope  thread_mattr_accessor :user_permissionsendclass ApplicationController < ActionController::Base  before_action :set_permissions  def set_permissions    user = User.find(params[:user_id])    CurrentScope.user_permissions = user.permissions  endend

Now CurrentScope.user_permissions will be available till the lifetime ofcurrently executing thread and all the code after this point can use thisvariable.

For example, we can access this variable in any of the models without explicitlypassing current_user from the controller.

class BookingsController < ApplicationController  def create    Booking.create(booking_params)  endendclass Booking < ApplicationRecord  validate :check_permissions  private  def check_permissions    unless CurrentScope.user_permissions.include?(:create_booking)      self.errors.add(:base, "Not permitted to allow creation of booking")    end  endend

It internally usesThread.current#[]=method, so all the variables are scoped to the thread currently executing. Itwill also take care of namespacing these variables per class or module so thatCurrentScope.user_permissions and RequestScope.user_permissions will notconflict with each other.

If you have usedPerThreadRegistrybefore for managing global variables, thread_mattr_* & thread_cattr_*methods can be used in place of it starting from Rails 5.

Globals are generally bad and should be avoided but this change provides nicerAPI if you want to fiddle with them anyway!

Started GET "/assets/application.self-4a04ce68c5ebf2d39fba46316802f17d0a73fadc4d2da50a138d7a4bf2d26a84.css?body=1" for 127.0.0.1 at 2016-09-02 10:23:04 +0530Started GET "/assets/bootstrap/transition.self-6ad2488465135ab731a045a8ebbe3ea2fc501aed286042496eda1664fdd07ba9.js?body=1" for 127.0.0.1 at 2016-09-02 10:23:04 +0530Started GET "/assets/bootstrap/collapse.self-2eb697f62b587bb786ff940d82dd4be88cdeeaf13ca128e3da3850c5fcaec301.js?body=1" for 127.0.0.1 at 2016-09-02 10:23:04 +0530Started GET "/assets/jquery_ujs.self-e87806d0cf4489aeb1bb7288016024e8de67fd18db693fe026fe3907581e53cd.js?body=1" for 127.0.0.1 at 2016-09-02 10:23:04 +0530Started GET "/assets/jquery.self-660adc51e0224b731d29f575a6f1ec167ba08ad06ed5deca4f1e8654c135bf4c.js?body=1" for 127.0.0.1 at 2016-09-02 10:23:04 +0530

Fortunately, we could include quiet_assets gem in our application. It turnsoff the Rails asset pipeline log in development mode.

Started GET "/assets/application.js" for 127.0.0.1 at 2016-08-28 19:35:34

quiet_assets is part of Rails 5

Now quiet_assets gem is folded into Rails 5 itself.

A new configuration config.assets.quiet which when set to true,loads a rack middleware named Sprockets::Rails::QuietAssets.This middleware checks whether the current request matches assets prefix pathand if it does, it silences that request.

This eliminates the need to add external gem for this.

By default,config.assets.quiet is set to truein development mode. So we don't have to do anything. It just works out of thebox.

Compatibility with older versions of Rails

This functionality has been backported to sprockets-rails 3.1.0 and is availablein Rails 4.2.7 as well.

Eagerload paths

Autoloading is not thread-safeand hence we need to make sure that all constants are loaded when applicationboots. The concept of loading all the constants even before they are actuallyneeded is called "Eager loading". In a way it is opposite of "Autoloading". Inthe case of "Autoloading" the application does not load the constant until it isneeded. Once a class is needed and it is missing then the application startslooking in "autoloading paths" to load the missing class.

eager_load_paths contains a list of directories. When application boots inproduction then the application loads all constants found in all directorieslisted in eager_load_paths.

We can add directories to eager_load_paths as shown below.

# config/application.rbconfig.eager_load_paths << Rails.root.join('lib')

In Rails 5 autoloading is disabled for production environment by default

Withthis commitRails will no longer do Autoloading in production after it has booted.

Rails will load all the constants from eager_load_paths but if a constant ismissing then it will not look in autoload_paths and will not attempt to loadthe missing constant.

This is a breaking change for some applications. For vast majority of theapplications this should not be an issue.

In the rare situation where our application still needs autoloading in theproduction environment, we can enable it by setting upenable_dependency_loading to true as follows:

# config/application.rbconfig.enable_dependency_loading = trueconfig.autoload_paths << Rails.root.join('lib')

Even when a web app is available over https, some users may end up visitingthe http version of the app, losing the security https provides.

It is important to redirect users to the https URLs whenever possible.

Forcing HTTPS in Rails

We can force users to use HTTPS by setting config.force_ssl = true.

If we look at Rails source code, we can see that when we setconfig.force_ssl = true, a middleware ActionDispatch::SSL, is inserted intoour apps middleware stack :

if config.force_sslmiddleware.use ::ActionDispatch::SSL,config.ssl_optionsend

This middleware, ActionDispatch::SSL is responsible for doing three things :

1. Redirect all http requests to their https equivalents.

2. Set secure flag on cookies to tell browsers that these cookies must not besent for http requests.

3. Add HSTS headers to response.

Let us go through each of these.

Redirect all http requests to their https equivalents

In Rails 5, we can configure the behavior of redirection using the redirectkey in the config.ssl_options configuration.

In previous versions of Rails, whenever an http request was redirected tohttps request, it was done with an HTTP 301 redirect.

Browsers cache 301 redirects. When forcing https redirects, if at any point wewant to test the http version of the page, it would be hard to browse it,since the browser would redirect to the https version. Although this is thedesired behavior, this is a pain during testing and deploying.

Rails 5 lets usspecify the status code for redirection,which can be set to 302 or 307 for testing, and later to 301 when we areready for deployment to production.

We can specify the options for redirection in Rails 5 as follows :

...  config.force_ssl = true  config.ssl_options = {  redirect: { status: 307, port: 81 } }...

If a redirect status is not specified, requests are redirected with a 301status code.

There is an upcoming change to makethe status code used for redirecting any non-GET, non-HEAD http requests to307 by default.

Other options accepted by ssl_options under redirect key are host andbody .

Set secure flags on cookies

By setting the Secure flag on a cookie, the application can instruct thebrowser not to send the cookie in clear text. Browsers which support this flagwill send such cookies only through HTTPS connections.

Setting secure flag on cookies is important to prevent cookie hijacking byman in the middle attacks.

In case of a "man in the middle" attack, the attacker places oneself between theuser and the server. By doing this, attacker aims to collect cookies which aresent from user to server on every request. However, if we mark the cookies withsensitive information as Secure, those cookies won't be sent on httprequests. This ensures that the browser never sends cookies to an attacker whowas impersonating the webserver at an http end point.

Upon enabling config.force_ssl = true, the ActionDispatch::SSL middlewaresets the Secure flag on all cookies by default.

Set HSTS Headers on Responses

HSTS or "HTTPStrict Transport Security" is a security enhancement by which applications canspecify themselves as HTTPS-only to complying browsers.

HSTS capabilities of a browser can be used by sending appropriate responseheaders from the server. When a domain is added to the HSTS list of a browser,the browser redirects to the https version of the URL without the help of theserver.

Chrome maintains an HSTS Preload List with alist of domains which are hardcoded into chrome as HTTPS only. This list is alsoused by Firefox and Safari.

Rails 5 has a configuration flag to set the preload directive in the HSTSheader and can be used as follows :

config.ssl_options = { hsts: { preload: true } }

We can also specify a max-age for the HSTS header.

Rails 5 by default sets the max-age of HSTS header to 180 days, which isconsidered as the lower bound bySSL Labs SSL Test . This period is alsoabove the 18 week requirement for HSTS max-age mandated for inclusion inbrowser preload list.

We can specify a custom max-age by :

  config.ssl_options = { hsts: { expires: 10.days } }

In Rails 5, if we disable HSTS by setting :

config.ssl_options = { hsts: false }

Rails 5 will set the value of expires header to 0, so that browsers immediatelystop treating the domain as HTTPS-only.

With custom redirect status and greater control over the HSTS header, Rails 5lets us roll out HTTPS in a controlled manner, and makes rolling back of thesechanges easier.

The cookies have a storage limit of 4K and cookie overflow exception is raisedif we attempt to store more than 4K of data in it.

Cookie overflow issue with Rails 4.x

Flash messages are persisted across requests with the help of session storage.

Flash messages like flash.now are marked as discarded for next request. So, onnext request, it gets deleted before reconstituting the values.

This unnecessary storage of discarded flash messages leads to more consumptionof data in the cookie store. When the data exceeds 4K limit, Rails throwsActionDispatch::Cookies::CookieOverflow.

Let us see an example below to demonstrate this.

class TemplatesController < ApplicationControllerdef search@templates = Template.search(params[:search])flash.now[:notice] = "Your search results for #{params[:search]}"flash[:alert] = "Alert message"p session[:flash]endend#logs{"discard"=>["notice"],"flashes"=>{"notice"=>"Your search results for #{Value of search params}","alert"=>"Alert message"}}

In the above example, it might be possible that params[:search] is largeamount of data and it causes Rails to raise CookieOverflow as the sessionpersists both flash.now[:notice] and flash[:alert] .

Rails 5 removes discarded flash messages

In Rails 5,discarded flash messages are removedbefore persisting into the session leading to less consumption of space andhence, fewer chances of CookieOverflow being raised.

class TemplatesController < ApplicationControllerdef search@templates = Template.search(params[:search], params[:template])flash.now[:notice] = "Your search results for #{params[:search]} with template #{params[:template]}"flash[:alert] = "Alert message"p session[:flash]endend#logs{"discard"=>[], "flashes"=>{"alert"=>"Alert message"}}

We can see from above example, that flash.now value is not added in session inRails 5 leading to less chances of raisingActionDispatch::Cookies::CookieOverflow.

What is alias_method_chain and when to use it

A lot of good articles have been written by some very smart people on the topicof "alias_method_chain". So we will not be attempting to describe it here.

Ernier Miller wroteWhen to use alias_method_chainmore than five years ago but it is still worth a read.

Using Module#prepend to solve the problem

Ruby 2.0 introduced Module#prepend which allows us to insert a module beforethe class in the class ancestor hierarchy.

Let's try to solve the same problem using Module#prepend.

module Flanderizer  def hello    "#{super}-diddly"  endendclass Person  def hello    "Hello"  endend# In ruby 2.0Person.send(:prepend, Flanderizer)# In ruby 2.1Person.prepend(Flanderizer)flanders = Person.newputs flanders.hello #=> "Hello-diddly"

Now we are back to being nice to our neighbor which should make Ernie happy.

Let's see what the ancestors chain looks like.

flanders.class.ancestors # => [Flanderizer, Person, Object, Kernel]

In Ruby 2.1 both Module#include and Module#prepend became a public method.In the above example we have shown both Ruby 2.0 and Ruby 2.1 versions.

A Rails upgrade can be boiled down to following essential steps :

1. Have a green build
2. Update the Rails version in Gemfile and bundle
3. Run the update task to update configuration files
4. Run tests and sanity checks to see if anything is broken by the upgrade andfix the issues
5. Repeat step 4!

Rails 5 comes with a lot of new features. Some of them, likenot halting the callback chain when a callback returns false,are breaking changes for older apps.

To keep the upgrade process easier, Rails 5 has added feature flags for all ofthese breaking changes.

When we create a brand new Rails 5 app, all of the feature flags will be turnedon. We can see these feature flags inconfig/initializers/new_framework_defaults.rb file.

But when we upgrade an app to Rails 5, just updating the Gemfile and bundling isnot enough.

We need to run the bin/rails app:update task which will update fewconfigurations and also add config/initializers/new_framework_defaults.rbfile.

Rails will turn off all the feature flags in theconfig/initializers/new_framework_defaults.rb file while upgrading an olderapp. In this way our app won't break due to the breaking features.

Lets take a look at these configuration flags one by one.

Enable per-form CSRF tokens

Starting from Rails 5,each form will get its own CSRF token. Thischange will have following feature flag.

Rails.application.config.action_controller.per_form_csrf_tokens

For new apps, it will be set to true and for older apps upgraded to Rails 5,it will be set to false. Once we are ready to use this feature in our upgradedapp, we just need to change it to true.

Enable HTTP Origin Header checking for CSRF mitigation

For additional defense against CSRF attacks, Rails 5 has a feature to check HTTPOrigin header against the site's origin. This will be disabled by default inupgraded apps using the following configuration option:

Rails.application.config.action_controller.forgery_protection_origin_check

We can set it to true to enable HTTP origin header check when we are ready touse this feature.

Make Ruby 2.4 preserve the timezone of the receiver

In Ruby 2.4 the to_time method for bothDateTime and Time will preserve the timezone of the receiverwhen converting to an instance of Time.For upgraded apps, this feature is disabled by setting the followingconfiguration option to false :

ActiveSupport.to_time_preserves_timezone

To use the Ruby 2.4+ default of to_time, set this to true .

Require belongs_to associations by default

In Rails 5, when we define a belongs_to association,the association record is required to be present.

In upgraded apps, this validation is not enabled. It is disabled using thefollowing option:

Rails.application.config.active_record.belongs_to_required_by_default

We can update our code to use this feature and turn this on by changing theabove option to true.

Do not halt callback chain when a callback returns false

In Rails 5,callback chain is not halted when a callback returns false.This change is turned off for backward compatibility with the following optionset to true:

ActiveSupport.halt_callback_chains_on_return_false

We can use the new behavior of not halting the callback chain after making surethat our code does not break due to this change and changing the value of thisconfig to false.

Configure SSL options to enable HSTS with subdomains

HTTP Strict Transport Security or HSTS, is a web security policy mechanism whichhelps to protect websites against protocol downgrade attacks and cookiehijacking. Using HSTS, we can ask browsers to make connections using only HTTPS.In upgraded apps, HSTS is not enabled on subdomains. In new apps HSTS is enabledusing the following option :

Rails.application.config.ssl_options = { hsts: { subdomains: true } }

Having all these backward incompatible features which can be turned on one byone after the upgrade, in one file, eases the upgrade process. This initializeralso has helpful comments explaining the features!

Happy Upgrading!

After cache digests were introduced in Rails, all calls to #cache in viewsautomatically append a digest of that template and all of its dependencies tothe cache key.

So developers no longer need to manually discard cache for the specifictemplates they make changes to.

# app/views/users/show.html.erb<% cache user do %>  <h1>All Posts</h1>  <%= render user.posts %><% end %># app/views/posts/_post.html.erb<% cache post do %>  <p> <%= post.content %></p>  <p> <%= post.created_at.to_s %>  <%= render 'posts/completed' %><% end %>

This creates a caching key something like thisviews/users/605416233-20129410191209/d9fb66b12bx8edf46707c67ab41d93cb2 whichdepends upon the template and its dependencies.

So, now if we change posts/_completed.html.erb, it will change cache key andthus it allows cache to expire automatically.

Explicit dependencies

As we saw in our earlier example, Rails was able to determine templatedependencies implicitly. But, sometimes it is not possible to determinedependencies at all.

Let's see an example below.

# app/views/users/show.html.erb<% cache user do %>  <h1>All Posts</h1>  <%= render user.posts %><% end %># app/views/posts/_post.html.erb<% cache post do %>  <p> <%= post.content %></p>  <p> <%= post.created_at.to_s %>  <%= render_post_complete_or_not(post) %><% end %># app/helpers/posts_helper.rbmodule PostsHelper  def render_post_complete_or_not(post)    if post.completed?      render 'posts/complete'    else      render 'posts/incomplete'    end  endend

To explicitly add dependency on this template, we need to add acomment in special formatas follows.

  <%# Template Dependency: posts/complete %>  <%# Template Dependency: posts/incomplete %>

If we have multiple dependencies, we need to add special comments for all thedependencies one by one.

# app/views/posts/_post.html.erb<% cache post do %>  <p> <%= post.content %></p>  <p> <%= post.created_at.to_s %>  <%# Template Dependency: posts/complete %>  <%# Template Dependency: posts/incomplete %>  <%= render_post_complete_or_not(post) %><% end %>

Using Wildcard in Rails 5

In Rails 5, we can now use awildcard for adding dependencies onmultiple files in a directory. So, instead of adding files one by one we can adddependency using wildcard.

# app/views/posts/_post.html.erb<% cache post do %>  <p> <%= post.content %></p>  <p> <%= post.created_at.to_s %>  <%# Template Dependency: posts/* %>  <%= render_post_complete_or_not(post) %><% end %>

Previously we could only pass a single record to these methods but now Rails 5adds support for accepting a collection of records as well. For example,

def index  @posts = Post.all  fresh_when(etag: @posts, last_modified: @posts.maximum(:updated_at))end

or simply written as,

def index  @posts = Post.all  fresh_when(@posts)end

This works with stale? method too, we can pass a collection of records to it.For example,

def index  @posts = Post.all  if stale?(@posts)    render json: @posts  endend

To see this in action, let's begin by making a request at /posts.

$ curl -I http://localhost:3000/postsHTTP/1.1 200 OKX-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffETag: W/"a2b68b7a7f8c67f1b88848651a86f5f5"Content-Type: text/html; charset=utf-8Cache-Control: max-age=0, private, must-revalidateX-Request-Id: 7c8457e7-9d26-4646-afdf-5eb44711fa7bX-Runtime: 0.074238

In the second request, we would send the ETag in If-None-Match header to checkif the data has changed.

$ curl -I -H 'If-None-Match: W/"a2b68b7a7f8c67f1b88848651a86f5f5"' http://localhost:3000/postsHTTP/1.1 304 Not ModifiedX-Frame-Options: SAMEORIGINX-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffETag: W/"a2b68b7a7f8c67f1b88848651a86f5f5"Cache-Control: max-age=0, private, must-revalidateX-Request-Id: 6367b2a5-ecc9-4671-8a79-34222dc50e7fX-Runtime: 0.003756

Since there's no change, the server returned HTTP/1.1 304 Not Modified. Ifthese requests were made from a browser, it would automatically use the versionin its cache on the second request.

The second request was obviously faster as the server was able to save the timeof fetching data and rendering it. This can be seen in Rails log,

Started GET "/posts" for ::1 at 2016-08-06 00:39:44 +0530Processing by PostsController#index as HTML   (0.2ms)  SELECT MAX("posts"."updated_at") FROM "posts"   (0.1ms)  SELECT COUNT(*) AS "size", MAX("posts"."updated_at") AS timestamp FROM "posts"  Rendering posts/index.html.erb within layouts/application  Post Load (0.2ms)  SELECT "posts".* FROM "posts"  Rendered posts/index.html.erb within layouts/application (2.0ms)Completed 200 OK in 31ms (Views: 27.1ms | ActiveRecord: 0.5ms)Started GET "/posts" for ::1 at 2016-08-06 00:39:46 +0530Processing by PostsController#index as HTML   (0.2ms)  SELECT MAX("posts"."updated_at") FROM "posts"   (0.1ms)  SELECT COUNT(*) AS "size", MAX("posts"."updated_at") AS timestamp FROM "posts"Completed 304 Not Modified in 2ms (ActiveRecord: 0.3ms)

Cache expires when collection of records is updated. For example, an addition ofa new record to the collection or a change in any of the records (which changesupdated_at) would change the ETag.

Now that Rails 5 supports collection of records in fresh_when and stale?, wehave an improved system to cache resources and make our applications faster.This is more helpful when we have controller actions with time consuming dataprocessing logic.

In Rails, for setting up test data we use fixtures. Fixtures are written as YAMLfiles placed in test/fixtures directory in the Rails app.

The model name of a fixture is automatically picked up from the fixture filename.

Generally in Rails, the model name and table name follow a strict convention.The table for User model will be users. By this convention, the fixture filefor User model is test/fixtures/users.yml.

But sometimes model names do not match directly with the table name. When we arebuilding on top of a legacy application or we have namespacing of models, wemight run into this scenario. In such cases detection of model name from fixturefile name becomes difficult.

When automatic detection of model name from fixture file name fails, we canspecify the table name using theset_fixture_classmethod. Take a look at our olderblog for an example of how to dothis.

One drawback of using this approach is that, the model name set usingset_fixture_class is available only in the context of tests. When we runrake db:fixtures:load to load the fixtures, the tests are not run, and thefixture file is not associated with the model name we set usingset_fixture_class. This will cause failure to load the fixtures correctly.

The Rails 5 way

In Rails 5 a new key is added tospecify the model name for a fixture file.

Let us consider the example where our table was named morning_appts, and weused a more appropriately named model MorningAppointment to represent thistable.

We can now set the table name in our fixture filetest/fixtures/morning_appts.yml as follows :

_fixture:  model_class: MorningAppointmentstandup:  name: Standup  priority: 1

The special key _fixture in the fixture file is now used to store metadataabout the fixture. model_class is the key we can use to specify the model namefor the fixture.

We can now use this fixture to load test data using the rake taskrake db:fixtures:load as well.

Happy Testing!

Inheriting from HashWithIndifferentAccess allowed programmers to callenumerable methods over ActionController::Parameters, which causedActionController::Parameters to lose its @permitted state there by renderingStrong Parameters as a barebone Hash. Thischangewould discourage such operations.

However since this change would have meant a major impact on all of theupgrading applications as they would have crashed with a NoMethodErrorfor allof those undesired methods. Hence this feature would go through a deprecationcycle, showing deprecation warnings for all of those HashWithIndifferentAccessmethod usages.

class Parameters...def method_missing(method_sym, *args, &block)  if @parameters.respond_to?(method_sym)    message = <<-DEPRECATE.squish      Method #{method_sym} is deprecated and will be removed in Rails 5.1,      as `ActionController::Parameters` no longer inherits from      hash. Using this deprecated behavior exposes potential security      problems. If you continue to use this method you may be creating      a security vulnerability in your app that can be exploited. Instead,      consider using one of these documented methods which are not      deprecated: http://api.rubyonrails.org/v#{ActionPack.version}/classes/ActionController/Parameters.html    DEPRECATE    ActiveSupport::Deprecation.warn(message)    @parameters.public_send(method_sym, *args, &block)  else    super  endend...end

If you need to convert ActionController::Parameters in a true hash then itsupports to_h method. Also ActionController::Parameters will continue tohave methods like fetch, slice, slice!, except, except!, extract!, delete etc.You can take a detailed look at themhere.

As we can see user_id has conflict in both projection and GROUP BY as theyare not prepended with the table name posts in the generated SQL and thus,raising SQL error Column 'user_id' in field list is ambiguous.

Fix in Rails 5

This issue has been addressed in Rails 5 withthis pull request.

With this fix, we can now group by columns having same name in both thetables.

users(:id, :name)posts(:id, :title, :user_id)comments(:id, :description, :user_id, :post_id)>> Post.joins(:comments).group(:user_id).countSELECT COUNT(*) AS count_all, "posts"."user_id" AS posts_user_id FROM "posts" INNER JOIN "comments" ON "comments"."post_id" = "posts"."id" GROUP BY "posts"."user_id"=> { 1 => 1 }

This shows that now both projection and Group By are prepended with theposts table name and hence fixing the conflict.

We could implement the filter as shown here.

Patient.where("lower(first_name) = ?", first_name.downcase)

There might be many users with the same name. In such cases, to speed up thesearch process, we can add an index. But, adding a regular index will nottrigger an index scan since we are using an expression in the where clause i.elower(name). In such cases, we can leverageexpression indexes given by PostgreSQL.

Before Rails 5 adding an expression index is not straightforward since themigrate api does not support it. In order to add one we would need to ditchschema.rb and start using structure.sql. We would also need to add followingmigration.

def upexecute <<-SQLCREATE INDEX patient_lower_name_idx ON patients (lower(name));SQLenddef downexecute <<-SQLDROP INDEX patient_lower_name_idx;SQLend

Rails 5 adds support for expression indexes

Rails 5 providesability to add an expression index using add_index methodas follows:

def changeadd_index :patients,'lower(last_name)',name: "index_patients_on_name_unique",unique: trueend

And we also get to keep schema.rb.

Time goes on. everyone is happy with the search functionality until one day anew requirement comes along which is, in short, to have partial matches onpatient names.

We modify our search as follows:

User.where("lower(name) like ?", "%#{name.downcase}%")

Since the query is different from before, PostgreSQL query planner will not takethe already existing btree index into account and will revert to a sequentialscan.

Quoting directly from Postgresql documents,

'The operator classes text_pattern_ops, varchar_pattern_ops, and bpchar_pattern_ops support B-tree indexes on the types text, varchar, and char respectively. The difference from the default operator classes is that the values are compared strictly character by character rather than according to the locale-specific collation rules. This makes these operator classes suitable for use by queries involving pattern matching expressions (LIKE or POSIX regular expressions) when the database does not use the standard "C" locale.'

We need to add an operator class to the previous index for the query planner toutilize the index that we created earlier.

Rails 5 adds support for specifying operator classes on expression indexes

In order to add an index with an operator class we could write our migration asshown below.

def changeremove_index :patients, name: :index_patients_on_name_uniqueadd_index :patients, 'lower(last_name) varchar_pattern_ops',name: "index_patients_on_name_unique",unique: trueend

Consider the scenario where we would like to get notified when a job has failedfor more than three times. With the new enhancement, we can make it work byoverriding serialize and deserialize methods of the job class.

class DeliverWebhookJob < ActiveJob::Base  def serialize    super.merge('attempt_number' => (@attempt_number || 0) + 1)  end  def deserialize(job_data)    super(job_data)    @attempt_number = job_data['attempt_number']  end  rescue_from(TimeoutError) do |ex|    notify_job_tried_x_times(@attempt_number) if @attempt_number == 3    retry_job(wait: 10)  endend

Earlier, deserialization was performed by #deserialize class method andtherefore was inaccessible from the job instance. With the new changes,deserialization is delegated to the deserialize method on job instance therebyallowing it to attach arbitrary metadata when it gets serialized and read itback when it gets performed.

This rule was required because beforecommit,rendering a partial without giving :object or :collection used to generate alocal variable with the partial name by default and a variable name in rubycan't have dash and other things like that.

In the following case we have a file named _order-details.html.erb. Now let'stry to use this partial.

<!DOCTYPE html><html><body>  <%= render :partial => 'order-details' %></body></html>

We will get following error, if we try to render above view in Rails 4.x.

ActionView::Template::Error (The partial name (order-details) is not a valid Ruby identifier;make sure your partial name starts with underscore,and is followed by any combination of letters, numbers and underscores.):2: <html>3: <body>4: Following code is rendered through partial named \_order-details.erb5: <%= render :partial => 'order-details' %>6: </body>7: </html>

In the above the code failed because the partial name has a dash which is not avalid ruby variable name.

In Rails 5, we can give ourpartials any name which starts with underscore.

We can give custom error message by passing String or Proc to :message.

class Book < ActiveRecord::Base  # error message with a string  validates_presence_of :title, message: 'You must provide the title of book.'  # error message with a proc  validates_presence_of :price,      :message => Proc.new { |error, attributes|      "#{attributes[:key]} cannot be blank."      }end

What's new in Rails 5 ?

Rails 5allows passing record to error message generator.Now we can pass current record object in a proc as an argument, so that we canwrite custom error message based on current object.

Revised example with current record object.

class Book < ActiveRecord::Base  # error message with simple string  validates_presence_of :title, message: 'You must provide the title of book.'  # error message with proc using current record object  validates_presence_of :price,      :message => Proc.new { |book, data|      "You must provide #{data[:attribute]} for #{book.title}"      }end

$ rails new my_app --skip-action-mailer# OR$ rails new my_app -M

This comments out requiring action_mailer/railtie in application.rb.

It also omits mailer specific configurations such asconfig.action_mailer.raise_delivery_errors andconfig.action_mailer.perform_caching in production/development andconfig.action_mailer.delivery_method by default in test environment.

# application.rbrequire "rails"require "active_model/railtie"require "active_job/railtie"require "active_record/railtie"require "action_controller/railtie"# require "action_mailer/railtie"require "action_view/railtie"require "action_cable/engine"require "sprockets/railtie"require "rails/test_unit/railtie"

As, we can see action_mailer/railtie is commented out.

In Rails 4.x, if a validation fails for one or more of the associated models,then it is not possible to figure out from error message, which of theassociated model object is the error related to.

class Product < ApplicationRecordhas_many :variantsaccepts_nested_attributes_for :variantsendclass Variant < ApplicationRecordvalidates :display_name, :price, presence: trueend> > product = Product.new(name: 'Table')> > variant1 = Variant.new(price: 10)> > variant2 = Variant.new(display_name: 'Brown')> > product.variants = [variant1, variant2]> > product.save> > => false> > product.error.messages> > => {:"variants.display_name"=>["can't be blank"], :"variants.price"=>["can't be blank"]}

In the example above we can see that if this error message is sent as JSON API,we cannot find out which variant save failed because of which attribute.

This works well when we render forms using Active Record models, as errors areavailable on individual instances. But, the issue arises with an API call, wherewe don't have access to these instances.

Rails 5 allows indexing of errors on nested attributes

In Rails 5, we can add an index toerrors on nested models.

We can add the option index_errors: true to has_many association to enablethis behavior on individual association.

class Product < ApplicationRecordhas_many :variants, index_errors: trueaccepts_nested_attributes_for :variantsendclass Variant < ApplicationRecordvalidates :display_name, :price, presence: trueend> > product = Product.new(name: 'Table')> > variant1 = Variant.new(price: 10)> > variant2 = Variant.new(display_name: 'Brown')> > product.variants = [variant1, variant2]> > product.save> > => false> > product.error.messages> > => {:"variants[0].display_name"=>["can't be blank"], :"variants[1].price"=>["can't be blank"]}

Using global configuration

In order to make this change global, we can set configurationconfig.active_record.index_nested_attribute_errors = true which is false bydefault.

config.active_record.index_nested_attribute_errors = trueclass Product < ApplicationRecordhas_many :variantsaccepts_nested_attributes_for :variantsendclass Variant < ApplicationRecordvalidates :display_name, :price, presence: trueend

This will work exactly same as an example withhas_many :variants, index_errors: true in Product.

User.find_by_email([]).to_sql#=> "SELECT * FROM users WHERE email IS NULL"User.find_by_email([nil]).to_sql#=> "SELECT * FROM users WHERE email IS NULL"

Also, when JSON data of the request was parsed and params got generated thedeep munging converted empty arrays to nil.

For example, When the following JSON data is posted to a Rails controller

{"property_grouping":{"project_id":289,"name":"test group2","property_ids":[]}}

It gets converted into the following params in the controller.

{"property_grouping"=>{"project_id"=>289, "name"=>"test group2", "property_ids"=>nil, },"action"=>"...", "controller"=>"...", "format"=>"json"}

This in combination with the fact that Active Record constructs IS NULL querywhen blank array is passed became one of the security threats andone of the most complained issues in Rails.

The security threat we had was that it was possible for an attacker to issueunexpected database queries with "IS NULL" where clauses. Though there was nothreat of an insert being carried out, there could be scope for firing queriesthat would check for NULL even if it wasn't intended.

In later version of Rails(> 3.2), we had a different way of handling blankarrays in Active Record find_by and where clauses.

User.find_by_email([]).to_sql#=> "SELECT "users".* FROM "users" WHERE 1=0 LIMIT 1"User.find_by_email([nil]).to_sql#=> "SELECT * FROM users WHERE email IS NULL"

As you can see a conditional for empty array doesn't trigger IS NULL query,which solved part of the problem.

We still had conversion of empty array to nil in the deep munging in place andhence there was still a threat of undesired behavior when request containedempty array.

One way to handle it was to add before_action hooks to the action that couldmodify the value to empty array if it were nil.

In Rails 5,empty array does not get converted to nilin deep munging. With this change, the empty array will persist as is fromrequest to the params in the controller.

class ProductsControllerTest < ActionController::TestCase  def test_create    post :create, { product: { name: 'Rails 5 book' } }.to_json,        format: :json,        headers: { 'Content-Type' => 'application/json' }    assert_equal 'application/json', request.content_type    assert_equal({ id: 1, name: 'Rails 5 book' }, JSON.parse(response.body))  endend

This format for writing tests with JSON type is lengthy and needs too muchinformation to be passed to request as well.

Improvement with Rails 5

In Rails 5, we can provide Mime type while sending request bypassing it with as option and allthe other information like headers and format will be passed automatically.

class ProductsControllerTest < ActionDispatch::IntegrationTest  def test_create    post products_url, params: { product: { name: 'Rails 5 book' } }, as: :json    assert_equal 'application/json', request.content_type    assert_equal({ 'id' => 1, 'name' => 'Rails 5 book' }, response.parsed_body)  endend

As we can notice, we don't need to parse JSON anymore.

With changes in this PR, we canfetch parsed response without needing to call JSON.parse at all.

Custom Mime Type

We can also register our own encoders for any registered Mime Type.

class ProductsControllerTest < ActionDispatch::IntegrationTest  def setup    Mime::Type.register 'text/custom', :custom    ActionDispatch::IntegrationTest.register_encoder :custom,      param_encoder: -> params { params.to_custom },      response_parser: -> body { body }  end  def test_index    get products_url, params: { name: 'Rails 5 book' }, as: :custom    assert_response :success    assert_equal 'text/custom', request.content_type  endend

class UsersController < ApplicationController  def index    @users = User.all  endendStarted GET "/users" for ::1 at 2016-06-10 17:10:40 +0530Processing by UsersController#index as HTMLCompleted 500 Internal Server Error in 5msActionView::MissingTemplate (Missing template users/index, application/index with {:locale=>[:en], :formats=>[:html], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby]}...

Similarly, if we don't specify response for a POST request, we will also getActionView::MissingTemplate exception.

class UsersController < ApplicationController  def create    @user = User.new(user_params)    @user.save  endend

Started POST "/users"Processing by UsersController#create as HTML  Parameters: {"utf8"=>"", "user"=>{"name"=>"Max"}, "commit"=>"Create User"}   (0.1ms)  begin transaction  SQL (2.7ms)  INSERT INTO "users" ("name", "created_at", "updated_at") VALUES (?, ?, ?)  [["name", "Max"], ["created_at", 2016-06-10 12:29:09 UTC], ["updated_at", 2016-06-10 12:29:09 UTC]]   (0.5ms)  commit transactionCompleted 500 Internal Server Error in 5msActionView::MissingTemplate (Missing template users/create, application/create with {:locale=>[:en], :formats=>[:html], :variants=>[], :handlers=>[:erb, :builder, :raw, :ruby]}...

In Rails 5,if we don't specify response for an action then Rails returns 204: No content response by default.This change can cause some serious implications during the development phase ofthe app.

Let's see what happens with the POST request without specifying the response.

class UsersController < ApplicationController  def create    @user = User.new(user_params)    @user.save  endend

Started POST "/users"Processing by UsersController#create as HTML  Parameters: {"utf8"=>"", "user"=>{"name"=>"Max"}, "commit"=>"Create User"}   (0.1ms)  begin transaction  SQL (2.7ms)  INSERT INTO "users" ("name", "created_at", "updated_at") VALUES (?, ?, ?)  [["name", "Max"], ["created_at", 2016-06-10 12:29:09 UTC], ["updated_at", 2016-06-10 12:29:09 UTC]]   (0.5ms)  commit transactionNo template found for UsersController#create, rendering head :no_contentCompleted 204 No Content in 41ms (ActiveRecord: 3.3ms)

Rails happily returns with 204: No content response in this case.

This means users get the feel that nothing happened in the browser. BecauseRails returned with no content and browser happily accepted it. But in reality,the user record was created in the database.

Let's see what happens with the GET request in Rails 5.

class UsersController < ApplicationController  def index    @users = User.all  endend

ActionController::UnknownFormat (UsersController#index is missing a template for this request format and variant.request.formats: ["text/html"]request.variant: []NOTE! For XHR/Ajax or API requests, this action would normally respond with 204 No Content: an empty white screen. Since you're loading it in a web browser, we assume that you expected to actually render a template, not nothing, so we're showing an error to be extra-clear. If you expect 204 No Content, carry on. That's what you'll get from an XHR or API request. Give it a shot.):

Instead of 204: No Content, we getActionController::UnknownFormat exception.Rails is being extra smart here and hinting that we are probably missingcorresponding template for this controller action. It is smart enough to show usthis message as we requested this page via browser via a GET request. But if thesame request is made via Ajax or through an API call or a POST request, Railswill return 204: No Content response as seen before.

In general, this change can trip us in the development phase, as we are used toincremental steps like adding a route, then the controller action and then thetemplate or response. Getting 204 response can give a feel of nothing happeningwhere things have actually happened in the background. So don't forget torespond properly from your controller actions.

Problems were reported at many places includinggithub gists andstackoverflowregarding an error which was of the following form.

NoMethodError (undefined method `each' for #<ActionDispatch::Request::Session:0x7fb8dbe7f838 not yet loaded>): rack (1.5.2) lib/rack/session/abstract/id.rb:158:in `stringify_keys'rack (1.5.2) lib/rack/session/abstract/id.rb:95:in `update' rack (1.5.2) lib/rack/session/abstract/id.rb:258:in `prepare_session'rack (1.5.2) lib/rack/session/abstract/id.rb:224:in `context' rack (1.5.2) lib/rack/session/abstract/id.rb:220:in `call'

As we can see, the error occurs due to absence of method each on anActionDispatch::Request::Session object.

In Rails 5, each methodwas introduced to ActionDispatch::Request::Sessionclass making it compatible with Rack frameworks mounted in Rails and henceavoiding the above mentioned errors in integration testing.

Consider a Rails 4.x application where the request id is used as a log tag byadding following in config/environments/production.rb.

config.log_tags = [:uuid]

The log generated for that application would look like:

[df88dbaa-50fd-4178-85d7-d66279ea33b6] Started GET "/posts" for ::1 at 2016-06-03 17:19:32 +0530[df88dbaa-50fd-4178-85d7-d66279ea33b6] Processing by PostsController#index as HTML[df88dbaa-50fd-4178-85d7-d66279ea33b6]   Post Load (0.2ms)  SELECT "posts".* FROM "posts"[df88dbaa-50fd-4178-85d7-d66279ea33b6]   Rendered posts/index.html.erb within layouts/application (4.8ms)[df88dbaa-50fd-4178-85d7-d66279ea33b6] Completed 500 Internal Server Error in 10ms (ActiveRecord: 0.2ms)[df88dbaa-50fd-4178-85d7-d66279ea33b6]ActionView::Template::Error (divided by 0):    29: <br>    30:    31: <%= link_to 'New Post', new_post_path %>    32: <%= 1/0 %>  app/views/posts/index.html.erb:32:in `/'  app/views/posts/index.html.erb:32:in `_app_views_posts_index_html_erb___110320845380431566_70214104632140'

As we can see the request id tag is not prepended to the lines containing errordetails. If we search the log file by the request id then the error detailswould not be shown.

In Rails 5errors in logs show log tags as wellto overcome the problem we saw above.

Please note that the log tag name for request id has changed in Rails 5. Thesetting would thus look like as shown below.

config.log_tags = [:request_id]

This is how the same log will look like in a Rails 5 application.

[7efb4d18-8e55-4d51-b31e-119f49f5a410] Started GET "/" for ::1 at 2016-06-03 17:24:59 +0530[7efb4d18-8e55-4d51-b31e-119f49f5a410] Processing by PostsController#index as HTML[7efb4d18-8e55-4d51-b31e-119f49f5a410]   Rendering posts/index.html.erb within layouts/application[7efb4d18-8e55-4d51-b31e-119f49f5a410]   Post Load (0.9ms)  SELECT "posts".* FROM "posts"[7efb4d18-8e55-4d51-b31e-119f49f5a410]   Rendered posts/index.html.erb within layouts/application (13.2ms)[7efb4d18-8e55-4d51-b31e-119f49f5a410] Completed 500 Internal Server Error in 30ms (ActiveRecord: 0.9ms)[7efb4d18-8e55-4d51-b31e-119f49f5a410][7efb4d18-8e55-4d51-b31e-119f49f5a410] ActionView::Template::Error (divided by 0):[7efb4d18-8e55-4d51-b31e-119f49f5a410]     29: <br>[7efb4d18-8e55-4d51-b31e-119f49f5a410]     30:[7efb4d18-8e55-4d51-b31e-119f49f5a410]     31: <%= link_to 'New Post', new_post_path %>[7efb4d18-8e55-4d51-b31e-119f49f5a410]     32: <%= 1/0 %>[7efb4d18-8e55-4d51-b31e-119f49f5a410][7efb4d18-8e55-4d51-b31e-119f49f5a410] app/views/posts/index.html.erb:32:in `/'[7efb4d18-8e55-4d51-b31e-119f49f5a410] app/views/posts/index.html.erb:32:in `_app_views_posts_index_html_erb___1136362343261984150_70232665530320'

INSERT statement

Font color for INSERT command is green

UPDATE and SELECT statement

Font color for UPDATE command is yellow and for SELECT it is blue.

DELETE statement

Font color for DELETE command is red.

As you might have noticed from above that font color for transaction is cyan.

Rollback statement

Font color for Rollback transaction is red.

Other statements

For custom SQL statements color ismagenta and Model Load/exists color is cyan.

module UsersHelper  def full_name(user)    user.first_name + user.last_name  endendclass UsersController < ApplicationController  include UsersHelper  def update    @user = User.find params[:id]    if @user.update_attributes(user_params)      redirect_to user_path(@user), notice: "#{full_name(@user) is successfully updated}"    else      render :edit    end  endend

Though this works, it adds all public methods of the included helper module inthe controller.

This can lead to some of the methods in the helper module conflict with themethods in controllers.

Also if our helper module has dependency on other helpers, then we need toinclude all of the dependencies in our controller, otherwise it won't work.

New way to call helper methods in Rails 5

In Rails 5, by usingthe new instance level helpers methodin the controller, we can access helper methods in controllers.

module UsersHelper  def full_name(user)    user.first_name + user.last_name  endendclass UsersController < ApplicationController  def update    @user = User.find params[:id]    if @user.update_attributes(user_params)      notice = "#{helpers.full_name(@user) is successfully updated}"      redirect_to user_path(@user), notice: notice    else      render :edit    end  endend

This removes some of the drawbacks of including helper modules and is muchcleaner solution.

The solution for this problem is to document data models right from Railsmigrations.

Solution in Rails 4

You can add comments in Rails 4.x migrations using gems likemigration_comments andpg_comment.

Solution in Rails 5

Rails 5 allows to specify commentsfor tables, column and indexes in migrations.

These comments are stored in database itself.

Currently only MySQL and PostgreSQL supports adding comments.

We can add comments in migration as shown below.

class CreateProducts < ActiveRecord::Migration[5.0]  def change    create_table :products, comment: 'Products table' do |t|      t.string :name, comment: 'Name of the product'      t.string :barcode, comment: 'Barcode of the product'      t.string :description, comment: 'Product details'      t.float :msrp, comment: 'Maximum Retail Price'      t.float :our_price, comment: 'Selling price'      t.timestamps    end    add_index :products, :name,              name: 'index_products_on_name',              unique: true,              comment: 'Index used to lookup product by name.'  endend

When we run above migration output will look as shown below.

  rails_5_app rake db:migrate:up VERSION=20160429081156== 20160429081156 CreateProducts: migrating ===================================-- create_table(:products, {:comment=>"Products table"})   -> 0.0119s-- add_index(:products, :name, {:name=>"index_products_on_name", :unique=>true, :comment=>"Index used to lookup product by name."})   -> 0.0038s== 20160429081156 CreateProducts: migrated (0.0159s) ==========================

The comments are also dumped in db/schema.rb file for PostgreSQL and MySQL.

db/schema.rb of application will have following content after runningproducts table migration .

ActiveRecord::Schema.define(version: 20160429081156) do  # These are extensions that must be enabled in order to support this database  enable_extension "plpgsql"  create_table "products", force: :cascade, comment: "Products table" do |t|      t.string   "name",                     comment: "Name of the product"      t.string   "barcode",                  comment: "Barcode of the product"      t.string   "description",              comment: "Product details"      t.float    "msrp",                     comment: "Maximum Retail Price"      t.float    "our_price",                comment: "Selling price"      t.datetime "created_at",  null: false      t.datetime "updated_at",  null: false      t.index ["name"], name: "index_products_on_name", unique: true, using: :btree, comment: "Index used to lookup product by name."    endend

We can view these comments with Database Administration Tools such as MySQLWorkbench or PgAdmin III.

PgAdmin III will show database structure with comments as shown below.

-- Table: products-- DROP TABLE products;CREATE TABLE products(  id serial NOT NULL,  name character varying, -- Name of the product  barcode character varying, -- Barcode of the product  description character varying, -- Product details with string data type  msrp double precision, -- Maximum Retail price  our_price double precision, -- Selling price  created_at timestamp without time zone NOT NULL,  updated_at timestamp without time zone NOT NULL,  CONSTRAINT products_pkey PRIMARY KEY (id))WITH (  OIDS=FALSE);ALTER TABLE products  OWNER TO postgres;COMMENT ON TABLE products  IS 'Products table';COMMENT ON COLUMN products.name IS 'Name of the product';COMMENT ON COLUMN products.barcode IS 'Barcode of the product';COMMENT ON COLUMN products.description IS 'Product details with string data type';COMMENT ON COLUMN products.msrp IS 'Maximum Retail price';COMMENT ON COLUMN products.our_price IS 'Selling price';-- Index: index_products_on_name-- DROP INDEX index_products_on_name;CREATE UNIQUE INDEX index_products_on_name  ON products  USING btree  (name COLLATE pg_catalog."default");COMMENT ON INDEX index_products_on_name  IS 'Index used to lookup product by name.';

If we update comments through migrations, corresponding comments will be updatedin db/schema.rb file.

class CreateJoinTableCustomerProduct < ActiveRecord::Migration  def change    create_join_table(:customers, :products)  endend

It will create new join table customer_products with columns customer_id andproduct_id. We can also use block with create_join_table.

class CreateJoinTableCustomerProduct < ActiveRecord::Migration  def change    create_join_table :customers, :products do |t|      t.index :customer_id      t.index :product_id    end  endend

However create_join_table won't allows us to define the column type. It willalways create column of integer type. Because Rails 4.x ,by default, supportsprimary key column type as an auto increment integer.

If we wish to set uuid as a column type, then create_join_table won't work.In such case we have to create join table manually using create_table.

Here is an example with Rails 4.x.

class CreateJoinTableCustomerProduct < ActiveRecord::Migration  def change    create_table :customer_products do |t|      t.uuid :customer_id      t.uuid :product_id    end  endend

Rails 5 allows to have UUID as column type in join table

Rails 5 has started supporting UUID as a column type for primary key, socreate_join_table should also support UUID as a column type instead of onlyintegers. Hence now Rails 5 allows us to useUUID as a column type with create_join_table.

Here is revised example.

class CreateJoinTableCustomerProduct < ActiveRecord::Migration[5.0]  def change    create_join_table(:customers, :products, column_options: {type: :uuid})  endend

# app/jobs/application_job.rbclass ApplicationJob < ActiveJob::Baseend

In Rails 4.x if we want to useActiveJob then first weneed to generate a job and all the generated jobs directly inherit fromActiveJob::Base.

# app/jobs/guests_cleanup_job.rbclass GuestsCleanupJob < ActiveJob::Base  queue_as :default  def perform(*guests)    # Do something later  endend

Rails 5 adds explicit base class ApplicationJob for ActiveJob. As you cansee this is not a big change but it is a good change in terms of beingconsistent with how controllers have ApplicationController and models haveApplicationRecord.

Now ApplicationJob will be a single place to apply all kind of customizationsand extensions needed for an application, instead of applying patch onActiveJob::Base.

Upgrading from Rails 4.x

When upgrading from Rails 4.x to Rails 5 we need to create application_job.rbfile in app/jobs/ and add the following content.

# app/jobs/application_job.rbclass ApplicationJob < ActiveJob::Baseend

We also need to change all the existing job classes to inherit fromApplicationJob instead of ActiveJob::Base.

Here is the revised code of GuestCleanupJob class.

# app/jobs/guests_cleanup_job.rbclass GuestsCleanupJob < ApplicationJob  queue_as :default  def perform(*guests)    # Do something later  endend

Rails 5 supportsupdate method on an ActiveRecord::Relation objectthat runs callbacks and validations on all the records in the relation.

people = Person.where(country: 'US')people.update(language: 'English', currency: 'USD')

Internally, the above code runs update method on each Person record whosecountry is 'US'.

Let's see what happens when update is called on a relation in whichvalidations fail on few records.

We have a Note model. For simplicity let's add a validation that note_textfield cannot be blank for first three records.

class Note < ApplicationRecord  validate :valid_note  def valid_note   errors.add(:note_text, "note_text is blank") if id <= 3 && note_text.blank?  endend

Now let's try and update all the records with blank note_text.

 > Note.all.update(note_text: '')  Note Load (0.3ms)  SELECT `notes`.* FROM `notes`   (0.1ms)  BEGIN   (0.1ms)  ROLLBACK   (0.1ms)  BEGIN   (0.1ms)  ROLLBACK   (0.1ms)  BEGIN   (0.1ms)  ROLLBACK   (0.1ms)  BEGIN  SQL (2.9ms)  UPDATE `notes` SET `note_text` = '', `updated_at` = '2016-06-16 19:42:21' WHERE `notes`.`id` = 3   (0.7ms)  COMMIT   (0.1ms)  BEGIN  SQL (0.3ms)  UPDATE `notes` SET `note_text` = '', `updated_at` = '2016-06-16 19:42:21' WHERE `notes`.`id` = 4   (1.2ms)  COMMIT   (0.1ms)  BEGIN  SQL (0.3ms)  UPDATE `notes` SET `note_text` = '', `updated_at` = '2016-06-16 19:42:21' WHERE `notes`.`id` = 5   (0.3ms)  COMMIT   (0.1ms)  BEGIN  SQL (3.4ms)  UPDATE `notes` SET `note_text` = '', `updated_at` = '2016-06-16 19:42:21' WHERE `notes`.`id` = 6   (0.2ms)  COMMIT => [#<Note id: 1, user_id: 1, note_text: "", created_at: "2016-06-03 10:02:54", updated_at: "2016-06-16 19:42:21">, #<Note id: 2, user_id: 1, note_text: "", created_at: "2016-06-03 10:03:54", updated_at: "2016-06-16 19:42:21">, #<Note id: 3, user_id: 1, note_text: "", created_at: "2016-06-03 12:35:20", updated_at: "2016-06-03 12:35:20">, #<Note id: 4, user_id: 1, note_text: "", created_at: "2016-06-03 14:15:15", updated_at: "2016-06-16 19:14:20">, #<Note id: 5, user_id: 1, note_text: "", created_at: "2016-06-03 14:15:41", updated_at: "2016-06-16 19:42:21">, #<Note id: 6, user_id: 1, note_text: "", created_at: "2016-06-03 14:16:20", updated_at: "2016-06-16 19:42:21">]

We can see that failure of validations on records in the relation does not stopus from updating the valid records.

Also the return value of update on AR Relation is an array of records in therelation. We can see that the attributes in these records hold the values thatwe wanted to have after the update.

For example in the above mentioned case, we can see that in the returned array,the records with ids 1, 2 and 3 have blank note_text values even though thoserecords weren't updated.

Hence we may not be able to rely on the return value to know if the update issuccessful on any particular record.

For scenarios where running validations and callbacks is not important and/orwhere performance is a concern it is advisable to use update_all methodinstead of update method.

Users of heroku download all the config variables to local machine to debugproduction problem and sometimes developers mistakenly execute commands whichwipes out production data. This has happened enough number of times to herokuusers that Richard Schneeman of heroku decidedto do something about this issue.

Rails 5 prevents destructive action on production database

Rails 5 has added a new tablear_internal_metadata to store environment version which is used at the timeof migrating the database.

When the first time rake db:migrate is executed then new table stores thevalue production. Now whenever we loaddatabase schema ordatabase structure by runningrake db:schema:load or rake db:structure:load Rails will check if Railsenvironment is "production" or not. If not then Rails will raise an exceptionand thus preventing the data wipeout.

To skip this environment check we can manually passDISABLE_DATABASE_ENVIRONMENT_CHECK=1 as an argument with load schema/structuredb command.

Here is an example of running rake db:schema:load when development db ispointing to production database.

$ rake db:schema:loadrake aborted!ActiveRecord::ProtectedEnvironmentError: You are attempting to run a destructive action against your 'production' database.If you are sure you want to continue, run the same command with the environment variable:DISABLE_DATABASE_ENVIRONMENT_CHECK=1

As we can see Rails prevented data wipeout in production.

This is one of those features which hopefully you won't notice. However if youhappen to do something destructive to your production database then this featurewill come in handy.

Person.find_in_batches(start: 1000, batch_size: 2000) do |group|  group.each { |person| person.party_all_night! }end

The above code provides batches of Person starting from record whose value ofprimary key is equal to 1000.

There is no end value for primary key. That means in the above case all therecords that have primary key value greater than 1000 are fetched.

Rails 5 introduces finish optionthat serves as an upper limit to the primary key value in the records beingfetched.

Person.find_in_batches(start: 1000, finish: 9500, batch_size: 2000) do |group|  group.each { |person| person.party_all_night! }end

The above code ensures that no record in any of the batches has the primary keyvalue greater than 9500.

> puts ActiveSupport::TimeZone.us_zones.map(&:to_s)(GMT-10:00) Hawaii(GMT-09:00) Alaska(GMT-08:00) Pacific Time (US & Canada)(GMT-07:00) Arizona(GMT-07:00) Mountain Time (US & Canada)(GMT-06:00) Central Time (US & Canada)(GMT-05:00) Eastern Time (US & Canada)(GMT-05:00) Indiana (East)

Such functionality of getting all the TimeZone objects for a country wasimplemented only for one country, US.

The TimeZone class internally uses the TzInfo gem which does have an api forproviding timezones for all the countries.

Realizing this, the Rails community decided tointroduce a helper method country_zonesto ActiveSupport::TimeZone class that is able to fetch a collection ofTimeZone objects belonging to a country specified by its ISO 3166-1 Alpha2code.

> puts ActiveSupport::TimeZone.country_zones('us').map(&:to_s)(GMT-10:00) Hawaii(GMT-09:00) Alaska(GMT-08:00) Pacific Time (US & Canada)(GMT-07:00) Arizona(GMT-07:00) Mountain Time (US & Canada)(GMT-06:00) Central Time (US & Canada)(GMT-05:00) Eastern Time (US & Canada)(GMT-05:00) Indiana (East)>puts ActiveSupport::TimeZone.country_zones('fr').map(&:to_s) (GMT+01:00) Paris

Rails 5 providesfragment caching in Action Mailer views. To use this feature, we need to configure our application as follows.

config.action_mailer.perform_caching = true

This configuration specifies whether mailer templates should perform fragmentcaching or not. By default, this is set to false for all environments.

Fragment caching in views

We can do caching in mailer views similar to application views using cachemethod. Following example shows usage of fragment caching in mailer view of thewelcome mail.

<body> <% cache 'signup-text' do %>   <h1>Welcome to <%= @company.name %></h1>   <p>You have successfully signed up to <%= @company.name %>, Your username is: <% end %>     <%= @user.login %>.     <br />   </p> <%= render :partial => 'footer' %></body>

When we render view for the first time, we can see cache digest of the view andits partial.

  Cache digest for app/views/user_mailer/_footer.erb: 7313427d26cc1f701b1e0212498cee38  Cache digest for app/views/user_mailer/welcome_email.html.erb: 30efff0173fd5f29a88ffe79a9eab617  Rendered user_mailer/_footer.erb (0.3ms)  Rendered user_mailer/welcome_email.html.erb (26.1ms)  Cache digest for app/views/user_mailer/welcome_email.text.erb: 77f41fe6159c5736ab2026a44bc8de55  Rendered user_mailer/welcome_email.text.erb (0.2ms)UserMailer#welcome_email: processed outbound mail in 190.3ms

We can also use fragment caching in partials of the action mailer views withcache method. Fragment caching is also supported in multipart emails.

>> Post.where(id: 1).or(Post.where(title: 'Learn Rails'))   SELECT "posts".* FROM "posts" WHERE ("posts"."id" = ? OR "posts"."title" = ?)  [["id", 1], ["title", "Learn Rails"]]=> <ActiveRecord::Relation [#<Post id: 1, title: 'Rails'>]>

This returns ActiveRecord::Relation object, which is logical union of tworelations.

Some Examples of OR usage

With group and having

>> posts = Post.group(:user_id)>> posts.having('id > 3').or(posts.having('title like "Hi%"'))SELECT "posts".* FROM "posts" GROUP BY "posts"."user_id" HAVING ((id > 2) OR (title like "Rails%"))=> <ActiveRecord::Relation [#<Post id: 3, title: "Hi", user_id: 4>,#<Post id: 6, title: "Another new blog", user_id: 6>]>

With scope

class Post < ApplicationRecord  scope :contains_blog_keyword, -> { where("title LIKE '%blog%'") }end>> Post.contains_blog_keyword.or(Post.where('id > 3'))SELECT "posts".* FROM "posts" WHERE ((title LIKE '%blog%') OR (id > 3))=> <ActiveRecord::Relation [#<Post id: 4, title: "A new blog", user_id: 6>,#<Post id: 5, title: "Rails blog", user_id: 4>,#<Post id: 6, title: "Another new blog", user_id: 6>]>

With combination of scopes

class Post < ApplicationRecord  scope :contains_blog_keyword, -> { where("title LIKE '%blog%'") }  scope :id_greater_than, -> (id) {where("id > ?", id)}  scope :containing_blog_keyword_with_id_greater_than, ->(id) { contains_blog_keyword.or(id_greater_than(id)) }end>> Post.containing_blog_keyword_with_id_greater_than(2)SELECT "posts".* FROM "posts" WHERE ((title LIKE '%blog%') OR (id > 2)) ORDER BY "posts"."id" DESC=> <ActiveRecord::Relation [#<Post id: 3, title: "Hi", user_id: 6>,#<Post id: 4, title: "A new blog", user_id: 6>,#<Post id: 5, title: "Another new blog", user_id: 6>,<#Post id: 6, title: "Another new blog", user_id: 6>]>

Constraints for using OR method

The two relations must be structurally compatible, they must be scoping the samemodel, and they must differ only by WHERE or HAVING.

In order to use OR operator, neither relation should have a limit, offset,or distinct.

>> Post.where(id: 1).limit(1).or(Post.where(:id => [2, 3]))ArgumentError: Relation passed to #or must be structurally compatible. Incompatible values: [:limit]

When limit, offset or distinct is passed only with one relation, then itthrows ArgumentError as shown above.

As of now, we can use limit, offset or distinct when passed with both therelations and with same the parameters.

>> Post.where(id: 1).limit(2).or(Post.where(:id => [2, 3]).limit(2))SELECT  "posts".* FROM "posts" WHERE ("posts"."id" = ? OR "posts"."id" IN (2, 3)) LIMIT ?  [["id", 1], ["LIMIT", 2]]=> <ActiveRecord::Relation [#<Post id: 1, title: 'Blog', user_id: 3, published: true>,#<Post id: 2, title: 'Rails 5 post', user_id: 4, published: true>]>

There is an issue open in whichdiscussions are ongoing regarding completely stopping usage of limit, offsetor distinct when using with or.

pets = ActiveSupport::ArrayInquirer.new([:cat, :dog, 'rabbit'])> pets.cat?#=> true> pets.rabbit?#=> true> pets.elephant?#=> false

Array Inquirer also has any? method to check for the presence of any of thepassed arguments as elements in the array.

pets = ActiveSupport::ArrayInquirer.new([:cat, :dog, 'rabbit'])> pets.any?(:cat, :dog)#=> true> pets.any?('cat', 'dog')#=> true> pets.any?(:rabbit, 'elephant')#=> true> pets.any?('elephant', :tiger)#=> false

Since ArrayInquirer class inherits from Array class, its any? methodperforms same as any? method of Array class when no arguments are passed.

pets = ActiveSupport::ArrayInquirer.new([:cat, :dog, 'rabbit'])> pets.any?#=> true> pets.any? { |pet| pet.to_s == 'dog' }#=> true

Use inquiry method on array to fetch Array Inquirer version

For any given array we can have its Array Inquirer version by calling inquirymethod on it.

pets = [:cat, :dog, 'rabbit'].inquiry> pets.cat?#=> true> pets.rabbit?#=> true> pets.elephant?#=> false

Usage of Array Inquirer in Rails code

Rails 5makes use of Array Inquirerand provides a better way of checking for the presence of given variant.

Before Rails 5 code looked like this.

request.variant = :phone> request.variant#=> [:phone]> request.variant.include?(:phone)#=> true> request.variant.include?('phone')#=> false

Corresponding Rails 5 version is below.

request.variant = :phone> request.variant.phone?#=> true> request.variant.tablet?#=> false

By default this functionality is enabled. We can choose to disable it in a testcase class by setting the class attribute use_transactional_fixtures tofalse

class FooTest < ActiveSupport::TestCase  self.use_transactional_fixtures = falseend

Rails also comes with fixtures for tests. So it may seem thatuse_transactional_fixtures has something to do with the Rails fixtures. A lotof people don't use fixtures and they think that they should disableuse_transactional_fixtures because they do not use fixtures.

To overcome this confusion, Rails 5 hasrenamed transactional fixtures to transactional testsmaking it clear that it has nothing to do with the fixtures used in tests.

In Rails 5, the above example will be written as follows.

class FooTest < ActiveSupport::TestCase  self.use_transactional_tests = falseend

class User < ActiveRecord::Base  # Ignoring employee_email column  def self.columns    super.reject {|column| column.name == 'employee_email'}  endend

Rails 5 added ignored_columns

Rails 5 has added ignored_columnsto ActiveRecord::Base class.

Here is revised code after using ignored_columns method.

class User < ApplicationRecord  self.ignored_columns = %w(employee_email)end

<%= form_for(@user) do |f| %>  <%= f.collection_radio_buttons :role_id, @roles, :id, :name %>  <div class="actions">    <%= f.submit %>  </div><% end %>

In the controller, we can access role_id using the strong parameters.

def user_params  params.require(:user).permit(:role_id)end

When we try to submit this form without selecting any radio button in Rails 4.x,we will get 400 Bad Request error with following message.

ActionController::ParameterMissing (param is missing or the value is empty: user):.

This is because following parameters were sent to server in Rails 4.x .

Parameters: {"utf8"=>"", "authenticity_token"=>"...", "commit"=>"Create User"}

According to HTML specification, when multiple parameters are passed tocollection_radio_buttons and no option is selected, web browsers do not sendany value to the server.

Solution in Rails 5

Rails 5adds hidden field on the collection_radio_buttonsto avoid raising an error when the only input on the form iscollection_radio_buttons. The hidden field has the same name as collectionradio button and has blank value.

Following parameters will be sent to server in Rails 5 when above user form issubmitted:

Parameters: {"utf8"=>"", "authenticity_token"=>"...", "user"=>{"role_id"=>""}, "commit"=>"Create User"}

In case we don't want the helper to generate this hidden field, we can specifyinclude_hidden: false.

<%= f.collection_radio_buttons :role_id, Role.all, :id, :name, include_hidden: false %>

In Rails 5 we can make use of assign_attributes method and have bulkassignment of attributes even for objects whose classes are not inherited fromActiveRecord::Base.

This is possible because the attributes assignment codeis now moved fromActiveRecord::AttributeAssignment to ActiveModel::AttributeAssignmentmodule.

To have this up and running, we need to includeActiveModel::AttributeAssignment module to our class.

class User  include ActiveModel::AttributeAssignment  attr_accessor :email, :first_name, :last_nameenduser = User.newuser.assign_attributes({email:      'sam@example.com',                        first_name: 'Sam',                        last_name:  'Smith'})> user.email#=> "sam@example.com"> user.first_name#=> "Sam"

config.active_job.queue_adapter = :sidekiq

This queue_adapter would be applicable to all jobs.

Rails 5 provides ability to configure queue_adapteron a per job basis. It meansqueue_adapter for one job can be different to that of the other job.

Let's suppose we have two jobs in our brand new Rails 5 application. EmailJobis responsible for processing basic emails and NewsletterJob sends out newsletters.

class EmailJob < ActiveJob::Base  self.queue_adapter = :sidekiqendclass NewletterJob < ActiveJob::BaseendEmailJob.queue_adapter => #<ActiveJob::QueueAdapters::SidekiqAdapter:0x007fb3d0b2e4a0>NewletterJob.queue_adapter => #<ActiveJob::QueueAdapters::AsyncAdapter:0x007fb3d0c61b88>

We are now able to configure sidekiq queue adapter for EmailJob. In case ofNewsletterJob we fallback to the global default adapter which in case of a newRails 5 app is async.

Moreover, in Rails 5, when one job inherits other job, then queue adapter of theparent job gets persisted in the child job unless child job has configuration tochange queue adapter.

Since news letters are email jobs we can make NewsLetterJob inherit fromEmailJob.

Below is an example where EmailJob is using rescue while NewsLetterJob isusing sidekiq.

class EmailJob < ActiveJob::Base  self.queue_adapter = :resqueendclass NewsletterJob < EmailJobendEmailJob.queue_adapter => #<ActiveJob::QueueAdapters::ResqueAdapter:0x007fe137ede2a0>NewsletterJob.queue_adapter => #<ActiveJob::QueueAdapters::ResqueAdapter:0x007fe137ede2a0>class NewsletterJob < EmailJob  self.queue_adapter = :sidekiqendNewsletterJob.queue_adapter => #<ActiveJob::QueueAdapters::SidekiqAdapter:0x007fb3d0b2e4a0>

Before Rails 5, the only acceptable value for a validates_acceptance_ofvalidation was 1.

class User < ActiveRecord::Base  validates_acceptance_of :terms_of_serviceend> user = User.new(terms_of_service: "1")> user.valid?#=> true

Having acceptable value of 1 does cause some ambiguity because general purposeof acceptance validation is for attributes that hold boolean values.

So in order to have true as acceptance value we had to pass accept option tovalidates_acceptance_of as shown below.

class User < ActiveRecord::Base  validates_acceptance_of :terms_of_service, accept: trueend> user = User.new(terms_of_service: true)> user.valid?#=> true> user.terms_of_service = '1'> user.valid?#=> false

Now this comes with the cost that 1 is no longer an acceptable value.

In Rails 5, we have true as adefault value for acceptance alongwith the already existing acceptable value of 1.

In Rails 5 the previous example would look like as shown below.

class User < ActiveRecord::Base  validates_acceptance_of :terms_of_serviceend> user = User.new(terms_of_service: true)> user.valid?#=> true> user.terms_of_service = '1'> user.valid?#=> true

Rails 5 allows user to have custom set of acceptable values

In Rails 5, :accept option of validates_acceptance_of method supports anarray of values unlike a single value that we had before.

So in our example if we are to validate our terms_of_service attribute withany of true, "y", "yes" we could have our validation as follows.

class User < ActiveRecord::Base  validates_acceptance_of :terms_of_service, accept: [true, "y", "yes"]end> user = User.new(terms_of_service: true)> user.valid?#=> true> user.terms_of_service = 'y'> user.valid?#=> true> user.terms_of_service = 'yes'> user.valid?#=> true

class User < ActiveRecord::Base  has_one :profile, dependent: :destroyendclass Profile < ActiveRecord::Base  belongs_to :user, dependent: :destroyend

Calling User#destroy or Profile#destroy would lead to an infinite callbackloop.

>> user = User.first=> <User id: 4, name: "George">>> user.profile=> <Profile id: 4>>> user.destroy=> DELETE FROM `profiles` WHERE `profiles`.`id` = 4   ROLLBACKSystemStackError: stack level too deep

Rails 5supports bi-directional destroy dependencywithout triggering infinite callback loop.

>> user = User.first=> <User id: 4, name: "George">>> user.profile=> <Profile id: 4, about: 'Rails developer', works_at: 'ABC'>>> user.destroy=> DELETE FROM "profiles" WHERE "posts"."id" = ?  [["id", 4]]   DELETE FROM "users" WHERE "users"."id" = ?  [["id", 4]]=> <User id: 4, name: "George">

There are many instances like above where we need to destroy an association whenit is destroying itself, otherwise it may lead to orphan records.

This feature adds responsibility on developers to ensure adding destroydependency only when it is required as it can have unintended consequences asshown below.

class User < ApplicationRecord  has_many :posts, dependent: :destroyendclass Post < ApplicationRecord  belongs_to :user, dependent: :destroyend>> user = User.first=> <User id: 4, name: "George">>> user.posts=> <ActiveRecord::Associations::CollectionProxy [<Post id: 11, title: 'Ruby', user_id: 4>, #<Post id: 12, title: 'Rails', user_id: 4>]>

As we can see "user" has two posts. Now we will destroy first post.

>> user.posts.first.destroy=> DELETE FROM "posts" WHERE "posts"."id" = ?  [["id", 11]]   SELECT "posts".* FROM "posts" WHERE "posts"."user_id" = ?  [["user_id", 4]]   DELETE FROM "posts" WHERE "posts"."id" = ?  [["id", 12]]   DELETE FROM "users" WHERE "users"."id" = ?  [["id", 4]]

As we can see, we wanted to remove post with id "11". However post with id "12"also got deleted. Not only that but user record got deleted too.

In Rails 4.x this would have resulted inSystemStackError: stack level too deep .

So we should use this option very carefully.

class User < ActiveRecord::Base  after_commit :send_welcome_mail, on: create  after_commit :send_profile_update_notification, on: update  after_commit :remove_profile_data, on: destroy  def send_welcome_mail    EmailSender.send_welcome_mail(email: email)  endend

Rails 5 added new aliases

Rails 5 had added following threealiases.

• after_create_commit
• after_update_commit
• after_destroy_commit

Here is revised code after using these aliases.

class User < ApplicationRecord  after_create_commit:send_welcome_mail  after_update_commit:send_profile_update_notification  after_destroy_commit:remove_profile_data  def send_welcome_mail    EmailSender.send_welcome_mail(email: email)  endend

Note

We earlier stated that after_commit callback is executed at the end oftransaction. Using after_commit with a transaction block can be tricky. Pleasecheckout our earlier post aboutGotcha with after_commit callback in Rails.

>> user = User.new(name: 'John', email: 'john@example.com')>> user.save INSERT INTO "users" ("name", "created_at", "updated_at", "email") VALUES (?, ?, ?, ?)  [["name", "John"], ["created_at", 2016-03-16 09:12:44 UTC], ["updated_at", 2016-03-16 09:12:44 UTC], ["email", "john@example.com"]]=> true>> user.updated_at=> Wed, 16 Mar 2016 09:12:44 UTC +00:00>> user.name = "Mark">> user.save  UPDATE "users" SET "name" = ?, "updated_at" = ? WHERE "users"."id" = ?  [["name", "Mark"], ["updated_at", 2016-03-16 09:15:30 UTC], ["id", 12]]=> true>> user.updated_at=> Wed, 16 Mar 2016 09:15:30 UTC +00:00

Addition of touch option in ActiveRecord::Base#save

In Rails 5, by passing touch: false as an option to save, we can update theobject without updating timestamps. The default option for touch is true.

>> user.updated_at=> Wed, 16 Mar 2016 09:15:30 UTC +00:00>> user.name = "Dan">> user.save(touch: false)  UPDATE "users" SET "name" = ? WHERE "users"."id" = ?  [["name", "Dan"], ["id", 12]]=> true>> user.updated_at=> Wed, 16 Mar 2016 09:15:30 UTC +00:00

This works only when we are updating a record and does not work when a record iscreated.

>> user = User.new(name: 'Tom', email: 'tom@example.com')>> user.save(touch: false) INSERT INTO "users" ("name", "created_at", "updated_at", "email") VALUES (?, ?, ?, ?)  [["name", "Tom"], ["created_at", 2016-03-21 06:57:23 UTC], ["updated_at", 2016-03-21 06:57:23 UTC], ["email", "tom@example.com"]])>> user.updated_at=> Mon, 21 Mar 2016 07:04:04 UTC +00:00

class User < ActiveRecord::Base  validates :email, presence: trueend>> user = User.new>> user.valid?=> false>> user.errors.messages=> {:email=>["can't be blank"]}

In this case, we do not get any information about the type of failed validationas ActiveModel#Errors only gives the attribute name and the translated errormessage.

This works out well for normal apps. But in case of API only applications,sometimes we want to allow the client consuming the API to generate customizederror message as per their needs. We don't want to send the final translatedmessages in such cases. Instead if we could just send details that presencevalidation failed for :name attribute, the client app would be able tocustomize the error message based on that information.

In Rails 5, it is now possible to get such details about which validationsfailed for a given attribute.

We can check this by callingdetails method on theActiveModel#Errors instance.

class User < ApplicationRecord  validates :email, presence: trueend>> user = User.new>> user.valid?=> false>> user.errors.details=> {:email=>[{:error=>:blank}]}

We can also add custom validator types as per our need.

# Custom validator type>> user = User.new>> user.errors.add(:name, :not_valid, message: "The name appears invalid")>> user.errors.details=> {:name=>[{:error=>:not_valid}]}# Custom error with default validator type :invalid>> user = User.new>> user.errors.add(:name)>> user.errors.details=> {:name=>[{:error=>:invalid}]}# More than one error on one attribute>> user = User.new>> user.errors.add(:password, :invalid_format, message: "Password must start with an alphabet")>> user.errors.add(:password, :invalid_length, message: "Password must have at least 8 characters")>> user.errors.details=> {:password=>[{:error=>:invalid_format}, {:error=>:invalid_length}]}

Passing contextual information about the errors

We can also send contextual data for the validation to the Errors#add method.This data can be later accessed via Errors#details method because Errors#addmethod forwards all options except :message, :if, :unless, and :on todetails.

For eg. we can say that the password is invalid because ! is not allowed, asfollows.

class User < ApplicationRecord  validate :password_cannot_have_invalid_character  def password_cannot_have_invalid_character    if password.scan("!").present?      errors.add(:password, :invalid_character, not_allowed: "!")    end  endend>> user = User.create(name: 'Mark', password: 'Ra!ls')>> user.errors.details=> {:password=>[{:error=>:invalid_character, :not_allowed=>"!"}]}

We can also use this feature in our Rails 4.x apps by simply installing gemactive_model-errors_details.

<div class="youtube-video-container"><iframewidth="640"height="480"src="https://www.youtube.com/embed/ECDX1NH7yWE"frameborder="0"allowfullscreen

</iframe></div>

Major Features

Ruby 2.2.2+ dependency.

Action Cable.

API only apps.

Features for Development mode

Puma as default web server.

rails CLI over rake.

Restarting app using rails restart.

Enable caching using rails dev:cache.

Enhanced filtering of routes using rails routes -g

Evented file system monitor.

Features for Test mode

Test Runner.

Changes to controller tests.

Features related to Caching

Cache content forever using http_cache_forever.

Collection caching using ActiveRecord#cache_key.

Partials caching using multi_fetch_fragments.

Caching in Action Mailer views.

Changes in Active Record

Introduction of ApplicationRecord.

ActiveRelation#or.

has_secure_token for generating secure tokens.

Versioned migrations for backward compatibility.

Changes in Active Support

Improvements to Date/Time.

Enumerable#pluck, Enumerable#without.

Change in behavior related to halting callback chains.

After the Oracle'stake overofMySQLthere was some confusion about the future of MySQL. To remove any ambiguityabout whether in future MySQL will remain free or not MariaDBwas started .

Some of you might be wondering what advantages MariaDB offers over MySQL.Here isan article which lists10 reasonsto migrate to MariaDB from MySQL.

MariaDB is bundled as default on systems likeRedhat's RHEL 7+,Archlinux,Slackware andOpenBSD.

Some of the users of MariaDB are Google, Mozilla, Facebook andWikipedia.Later we found out that Basecamp hasalready been using MariaDBfor a while.

Active Record support for MariaDB

Recently, Ian Gilfillan from MariaDBFoundation sent a Pull Request toinclude MariaDB as part Rails Documentation.

Accepting that pull request means Rails iscommitting to supporting MariaDBalong with MySQL, PostgreSQL and SQLite.

The tests revealed an issuerelated to micro-precision support on time column.

If a column has time field and if we search on that column then the search wasfailing for MariaDB.

time = ::Time.utc(2000, 1, 1, 12, 30, 0, 999999)Task.create!(start: time)Task.find_by(start: time) # => nil

In the above case we created a record. However query yielded no record.

Now let's see why the query did not work for MariaDB.

MariaDB vs MySQL time column difference

First let's examine the tasks table.

 mysql> desc tasks;+--------+---------+------+-----+---------+----------------+| Field  | Type    | Null | Key | Default | Extra          |+--------+---------+------+-----+---------+----------------+| id     | int(11) | NO   | PRI | NULL    | auto_increment || start  | time    | YES  |     | NULL    |                |+--------+---------+------+-----+---------+----------------+2 rows in set (0.00 sec)

In the above case column start is of type time.

Let's insert a record in tasks table.

mysql> INSERT INTO `tasks` (`start`) VALUES ('2000-01-01 12:30:00');

Now let's query the table.

mysql> SELECT  `tasks`.* FROM `tasks` WHERE `tasks`.`start` = '2000-01-01 12:30:00' LIMIT 1;Empty set (0.00 sec)

In the above case query is passing date part(2000-01-01) along with the timepart(12:30:00) for column start and we did not get any result.

Now let's query again but this time we will pass only the time part to thestart column.

mysql> SELECT  `tasks`.* FROM `tasks` WHERE `tasks`.`start` = '12:30:00' LIMIT 1;+----+----------+| id | start    |+----+----------+|  1 | 12:30:00 |+----+----------+1 row in set (0.00 sec)

So in the query if we pass 2000-01-01 12:30:00 to a column which is of typetime then MariaDB fails.

Passing 2000-01-01 12:30:00 to MySQL, PostgreSQL and SQLite will work fine.That's because the adapters for those databases will drop the date part if dateis passed in the query string.

For MariaDB similar action was needed and soon enough aPull Request, to take care of thisbehavior from Rails side, was landed. MariaDB is itself,working on supporting this behaviornow.

Summary

In summary Rails 5 officially supports MariaDB and MariaDB can now safely beused as an alternative to MySQL for Ruby on Rails Applications.

ActionController::TestCase is deprecated

In Rails 5, controller tests are generated with superclassActionDispatch::IntegrationTest instead of ActionController::TestCase whichis deprecated (Link is not available) . It will be moved into a separate gem inRails 5.1 .

Rails 5 will use ActionDispatch::IntegrationTest by default for generatingscaffolds as wellcontroller tests stubs.

Use URL instead of action name with request methods in Rails 5

In Rails 4.x, we pass controller action as shown below.

class ProductsControllerTest < ActionController::TestCase  def test_index_response    get :index    assert_response :success  endend

But in Rails 5, controller tests expect to receive URL instead of action (Linkis not available). Otherwise test will throw exceptionURI::InvalidURIError: bad URI.

class ProductsControllerTest < ActionDispatch::IntegrationTest  def test_index    get products_url    assert_response :success  endend

If we are upgrading an older Rails 4.x app to Rails 5, which have test caseswith superclass ActionController::TestCase, then they will continue to work asit is without requiring to change anything from above.

Deprecation of assigns and assert_template in controller tests

In Rails 4.x, we can test instance variables assigned in a controller action andwhich template a particular controller action renders using assigns andassert_template methods.

class ProductsControllerTest < ActionController::TestCase  def test_index_template_rendered    get :index    assert_template :index    assert_equal Product.all, assigns(:products)  endend

But in Rails 5, calling assert_template or assigns will throw an exception.

class ProductsControllerTest < ActionDispatch::IntegrationTest  def test_index_template_rendered    get products_url    assert_template :index    assert_equal Product.all, assigns(:products)  endend# Throws exceptionNoMethodError: assert_template has been extracted to a gem. To continue using it,  add `gem 'rails-controller-testing'` to your Gemfile.

These two methods have now beenremoved from the core and moved toa separate gemrails-controller-testing.If we still want to use assert_template and assigns, then we can do this byadding this gem in our applications.

Reasons for removing assigns and assert_template

The idea behind the removal of these methods is that instance variables andwhich template is rendered in a controller action are internals of a controller,and controller tests should not care about them.

According to Rails team, controller tests should be more concerned about what isthe result of that controller action like what cookies are set, or what HTTPcode is set rather than testing of the internals of the controller. So, thesemethods are removed from the core.

Use of Keywords arguments in HTTP request methods in Rails 5

In Rails 4.x, we pass various arguments like params, flash messages and sessionvariables to request method directly.

class ProductsControllerTest < ActionController::TestCase  def test_show    get :show, { id: user.id }, { notice: 'Welcome' }, { admin: user.admin? }    assert_response :success  endend

Where { id: user.id } are params, { notice: 'Welcome' } is flash and{ admin: user.admin? } is session.

This becomes confusing sometimes, as it is not clear which argument belongs towhich part.

Now in Rails 5, request methods accept onlykeyword arguments.

class ProductsControllerTest < ActionDispatch::IntegrationTest  def test_create    post product_url, params: { product: { name: "FIFA" } }    assert_response :success  endend

This makes it easier to understand what arguments are being passed.

When we pass arguments without keywords arguments, then Rails logs a deprecationwarning.

class ProductsControllerTest < ActionDispatch::IntegrationTest  def test_create    post product_url, { product: { name: "FIFA" } }    assert_response :success  endendDEPRECATION WARNING: ActionDispatch::IntegrationTest HTTP request methods will acceptonly the following keyword arguments in future Rails versions:params, headers, env, xhr

@users = User.all

Above code is selecting all the columns of the table users. This might be okin most cases. However in some cases we might want to select only certaincolumns for performance reason. The difficult task is finding what all columnsare actually used in a request.

To help in this task, Rails 5 has addedaccessed_fieldsmethod which lists attributes that were actually used in the operation.

This is helpful in development mode in determining what all fields are reallybeing used by the application.

class UsersController < ApplicationController  def index    @users = User.all  endend

# app/views/users/index.html.erb<table>  <tr>    <th>Name</th>    <th>Email</th>  </tr>  <% @users.each do |user| %>    <tr>      <td><%= user.name %></td>      <td><%= user.email %></td>    </tr>  <% end %></table>

Now, in order to find all the fields that were actually used, let's addafter_action to the controller.

class UsersController < ApplicationController  after_action :print_accessed_fields  def index    @users = User.all  end  private  def print_accessed_fields    p @users.first.accessed_fields  endend

Let's take a look at the log file.

Processing by UsersController#index as HTML  User Load (0.1ms) SELECT "users".* FROM "users"  Rendered users/index.html.erb within layouts/application (1.0ms)  ["name", "email"]

As we can see, it returns ["name", "email"] as attributes which were actuallyused.

If users table has 20 columns then we do not need to load values all thoseother columns. We are using only two columns. So let's change code to reflectthat.

class UsersController < ApplicationController  def index    @users = User.select(:name, :email)  endend

>> Post.published.count=> 25000>> Post.where(published: true).each do |post|     post.archive!   end# Loads 25000 posts in memory

Rails 5 adds warning when loading large data set

To mitigate issue shown above Rails 5has addedconfig.active_record.warn_on_records_fetched_greater_than.

When this configuration is set to an integer value, any query that returns thenumber of records greater than the set limit, logs a warning.

config.active_record.warn_on_records_fetched_greater_than = 1500>> Post.where(published: true).each do |post|     post.archive!   end=> Query fetched 25000 Post records: SELECT "posts".* FROM "posts" WHERE "posts"."published" = ? [["published", true]]   [#<Post id: 1, title: 'Rails', user_id: 1, created_at: "2016-02-11 11:32:32", updated_at: "2016-02-11 11:32:32", published: true>, #<Post id: 2, title: 'Ruby', user_id: 2, created_at: "2016-02-11 11:36:05", updated_at: "2016-02-11 11:36:05", published: true>,....]

This helps us find areas where potential problems exist and then we can replaceinefficient queries with better ones.

config.active_record.warn_on_records_fetched_greater_than = 1500>> Post.where(published: true).find_each do |post|     post.archive!   end# No warning is logged

We will have to define custom loggers if these logs are to be directed toanother file or to standard output. Presence of such custom logic is whatenables Rails to direct logs to STDOUT along with development.log file indevelopment environment.

Rails 5, however,supports logging to STDOUT inproduction environment through introduction of new environment variableRAILS_LOG_TO_STDOUT.

In a brand new Rails app, we can see the following snippet in production.rbfile.

if ENV["RAILS_LOG_TO_STDOUT"].present?  config.logger = ActiveSupport::TaggedLogging.new(Logger.new(STDOUT))end

By setting RAILS_LOG_TO_STDOUT to any value we should have the production logsdirected to STDOUT.

We can see in the snippet above config.logger is overwritten. Therefore nowthe logs will not be directed to production.log file.

To opt out of this and revert to the original functionality, we can eitherassign a blank value to this environment constant or removeRAILS_LOG_TO_STDOUT from the list of environment constants.

If used properly, contextual validations can result in much cleaner code. Tounderstand validation context, we will take example of a form which is submittedin multiple steps:

class MultiStepForm < ActiveRecord::Base  validate :personal_info  validate :education, on: :create  validate :work_experience, on: :update  validate :final_step, on: :submission  def personal_info    # validation logic goes here..  end  # Smiliary all the validation methods go here.end

Let's go through all the four validations one-by-one.

1. personal_info validation has no context defined (notice the absence ofon:). Validations with no context are executed every time a model save istriggered. Please go through all the triggershere.

2. education validation has context of :create. It is executed only when anew object is created.

3. work_experience validation is in :update context and gets triggered forupdates only. :create and :update are the only two pre-defined contexts.

4. final_step is validated using a custom context named :submission. Unlikeabove scenarios, it needs to be explicitly triggered like this:

form = MultiStepForm.new# Eitherform.valid?(:submission)# Orform.save(context: :submission)

valid? runs the validation in given context and populates errors. savewould first call valid? in the given context and persist the changes ifvalidations pass. Otherwise populates errors.

One thing to note here is that when we validate using an explicit context, Railsbypasses all other contexts including :create and :update.

Now that we understand validation context, we can switch our focus to validatemultiple context togetherenhancement in Rails 5.

Let's change our contexts from above example to

class MultiStepForm < ActiveRecord::Base  validate :personal_info, on: :personal_submission  validate :education, on: :education_submission  validate :work_experience, on: :work_ex_submission  validate :final_step, on: :final_submission  def personal_info    # code goes here..  end  # Smiliary all the validation methods go here.end

For each step, we would want to validate the model with all previous steps andavoid all future steps. Prior to Rails 5, this can be achieved like this:

class MultiStepForm < ActiveRecord::Base  #...  def save_personal_info    self.save if self.valid?(:personal_submission)  end  def save_education    self.save if self.valid?(:personal_submission)              && self.valid?(:education_submission)  end  def save_work_experience    self.save if self.valid?(:personal_submission)              && self.valid?(:education_submission)              && self.valid?(:work_ex_submission)  end  # And so on...end

Notice that valid? takes only one context at a time. So we have to repeatedlycall valid? for each context.

This gets simplified in Rails 5 by enhancing valid? and invalid? to acceptan array. Our code changes to:

class MultiStepForm < ActiveRecord::Base  #...  def save_personal_info    self.save if self.valid?(:personal_submission)  end  def save_education    self.save if self.valid?([:personal_submission,                              :education_submission])  end  def save_work_experience    self.save if self.valid?([:personal_submission,                              :education_submission,                              :work_ex_submission])  endend

A tad bit cleaner I would say.

protect_from_forgery protects applications against CSRF.Follow that link to read up more about CSRF.

What

If we generate a brand new Rails application in Rails 4.x thenapplication_controller will look like this.

class ApplicationController < ActionController::Base  protect_from_forgery with: :exceptionend

Looking it at the code it does not look like protect_from_forgery is abefore_action call but in reality that's what it is. Sinceprotect_from_forgery is a before_action call it should follow the order ofhow other before_action are executed. But this one is special in the sensethat protect_from_forgery is executed first in the series of before_actionno matter where protect_from_forgery is mentioned. Let's see an example.

class ApplicationController < ActionController::Base  before_action :load_user  protect_from_forgery with: :exceptionend

In the above case even though protect_from_forgery call is made afterload_user, the protection execution happens first. And we can't do anythingabout it. We can't pass any option to stop Rails from doing this.

Rails 5changesthis behavior by introducing a boolean option called prepend. Default valueof this option is false. What it means is, now protect_from_forgery getsexecuted in order of call. Of course, this can be overridden by passingprepend: true as shown below and now protection call will happen first justlike Rails 4.x.

class ApplicationController < ActionController::Base  before_action :load_user  protect_from_forgery with: :exception, prepend: trueend

Why

There isn't any real advantage in forcing protect_from_forgery to be the firstfilter in the chain of filters to be executed. On the flip side, there are caseswhere output of other before_action should decide the execution ofprotect_from_forgery. Let's see an example.

class ApplicationController < ActionController::Base  before_action :authenticate  protect_from_forgery unless: -> { @authenticated_by.oauth? }  private    def authenticate      if oauth_request?        # authenticate with oauth        @authenticated_by = 'oauth'.inquiry      else        # authenticate with cookies        @authenticated_by = 'cookie'.inquiry      end    endend

Above code would fail in Rails 4.x, as protect_from_forgery, though calledafter :authenticate, actually gets executed before it. Due to which we wouldnot have @authenticated_by set properly.

Whereas in Rails 5, protect_from_forgery gets executed after :authenticateand gets skipped if authentication is oauth.

Upgrading to Rails 5

Let's take an example to understand how this change might affect the upgrade ofapplications from Rails 4 to Rails 5.

class ApplicationController < ActionController::Base  before_action :set_access_time  protect_from_forgery  private    def set_access_time      current_user.access_time = Time.now      current_user.save    endend

In Rails 4.x, set_access_time is not executed for bad requests. But itgets executed in Rails 5 because protect_from_forgery is called afterset_access_time.

Saving data (current_user.save) in before_action is anyways a big enoughviolation of the best practices, but now those persistences would leave usvulnerable to CSRF if they are called before protect_from_forgery is called.

create_table :users, id: :uuid do |t|  t.string :nameend

Notice that id: :uuid is passed to create_table. This is all we need to do tohave UUID as primary key for users.

Now, if an application is designed to use UUID instead of Integer, then chancesare that new tables too would use UUID as primary key. And it can easily getrepetitive to add id: :uuid in create_table , every time a new model isgenerated.

Rails 5 comes up with a solution.We need to set primary key as UUID in config/application.rb.

config.generators do |g|  g.orm :active_record, primary_key_type: :uuidend

This automatically adds id: :uuid to create_table in all future migrations.

If we are using the latest version of PostgreSQL then we should enablepgcrypto extension as perRails guide.

To enable pgcryptoextension we need a migration which does something like this.

class EnablePgcryptoExtension < ActiveRecord::Migration  def change    enable_extension 'pgcrypto'  endend

These adapters can be configured as follows.

# for Active Job InlineRails.application.config.active_job.queue_adapter = :inline# for Active Job AsyncRails.application.config.active_job.queue_adapter = :async

In Rails 4.x the default queue adapter is :inline. In Rails 5 it hasbeen changed to:async by DHH.

Asynchronous Execution

In case of inline, as the name suggests, execution of the job happens in thesame process that invokes the job. In case of Async adapter, the job is executedasynchronously using in-process thread pool.

AsyncJob makes use of aconcurrent-ruby threadpool and the data is retained in memory. Since the data is stored in memory, ifthe application restarts, this data is lost. Hence, AsyncJob should not beused in production.

Running in future

AsyncJob supports running the job at some time in future throughperform_later. Inline executes the job immediately and does not supportrunning the job in future.

Both Active Job Async and Active Job Inline do not support configuringpriorities among queues, timeout in execution and retry intervals/counts.

Advantage of having Async as default adapter

In Rails 4.x where Inline is the default adapter, the test cases weremistakenly dependent on job's behavior that happens synchronously indevelopment/testing environment. Using Async adapter ,by default, will helpusers have tests not rely on such synchronous behavior.

It's a step closer to simulating your production environment where jobs areexecuted asynchronously with more persistent backends.

Consider an example, where in an e-commerce site upon every order placed anemail is sent.

test "order is created successfully" do  # Code to test record in orders table is createdendtest "order email is sent" do  # Code to test order email is sentend

The process of sending email can be part of a job which is invoked from anafter_create callback in Order model.

class Order < ActiveRecord::Base  after_create :send_order_email  def send_order_email    # Invoke the job of sending an email asynchronously.  endend

When Inline adapter is used, any wrongly configured email settings will causeboth the above tests to fail. This is because the process of sending the emailhappens within the process of order creation and any error in sending the emailwould kill the process if unhandled.

The app needs to show a list of all the authors along with a number of poststhat they have written.

For this, we need to join author and posts table with "left outer join". Moreabout "left outer join"here,here andhere.

In Rails 4.x, we need to write the SQL for left outer join manually as ActiveRecord does not have support for outer joins.

authors = Author.join('LEFT OUTER JOIN "posts" ON "posts"."author_id" = "authors"."id"')                .uniq                .select("authors.*, COUNT(posts.*) as posts_count")                .group("authors.id")

Rails 5 has added left_outer_joinsmethod.

authors = Author.left_outer_joins(:posts)                .uniq                .select("authors.*, COUNT(posts.*) as posts_count")                .group("authors.id")

It also allows to perform the left join on multiple tables at the same time.

>> Author.left_joins :posts, :comments  Author Load (0.1ms)  SELECT "authors".* FROM "authors" LEFT OUTER JOIN "posts" ON "posts"."author_id" = "authors"."id" LEFT OUTER JOIN "comments" ON "comments"."author_id" = "authors"."id"

If you feel left_outer_joins is too long to type, then Rails 5 also has analias method left_joins.

class User < ActiveRecord::Base  before_create :set_access_token  private  def set_access_token    self.access_token = generate_token  end  def generate_token    loop do      token = SecureRandom.hex(10)      break token unless User.where(access_token: token).exists?    end  endend

has_secure_token in Rails 5

Rails 5has added has_secure_token methodto generate a random alphanumeric token for a given column.

class User < ApplicationRecord  has_secure_tokenend

By default, Rails assumes that the attribute name is token. We can provide adifferent name as a parameter to has_secure_token if the attribute name is nottoken.

class User < ApplicationRecord  has_secure_token :password_reset_tokenend

The above code assumes that we already have password_reset_token attribute inour model.

>> user = User.new>> user.save=> true>> user.password_reset_token=> 'qjCbex522DfVEVd5ysUWppWQ'

The generated tokens are URL safe and are of fixed length strings.

Migration helper for generating token

We can also generate migration fortoken similar to other data types.

$ rails g migration add_auth_token_to_user auth_token:token

class AddAuthTokenToUser < ActiveRecord::Migration[5.0]  def change    add_column :users, :auth_token, :string    add_index :users, :auth_token, unique: true  endend

Notice that migration automatically adds index on the generated column withunique constraint.

We can also generate a model with the token attribute.

$ rails g model Product access_token:token

class CreateProducts < ActiveRecord::Migration[5.0]  def change    create_table :products do |t|      t.string :access_token      t.timestamps    end    add_index :products, :access_token, unique: true  endend

Model generator also adds has_secure_token method to the model.

class Product < ApplicationRecord  has_secure_token :access_tokenend

Regenerating tokens

Sometimes we need to regenerate the tokens based on some expiration criteria.

In order to do that, we can simply call regenerate_#{token_attribute_name}which would regenerate the token and save it to its respective attribute.

>> user = User.first=> <User id: 11, name: 'John', email: 'john@example.com',         token: "jRMcN645BQyDr67yHR3qjsJF",         password_reset_token: "qjCbex522DfVEVd5ysUWppWQ">>> user.password_reset_token=> "qjCbex522DfVEVd5ysUWppWQ">> user.regenerate_password_reset_token=> true>> user.password_reset_token=> "tYYVjnCEd1LAXvmLCyyQFzbm"

Beware of race condition

It is possible to generate a race condition in the database while generating thetokens. So it is advisable to add a unique index in the database to deal withthis unlikely scenario.

Use case for suppress method

Let's say, we have an E-commerce application, which has many products. Whenevernew product is launched then subscribed customers are notified about it.

class Product < ApplicationRecord  has_many :notifications  belongs_to :seller  after_save :send_notification  def launch!    update_attributes!(launched: true)  end  private  def send_notification    notifications.create(message: 'New product Launched', seller: seller)  endendclass Notification < ApplicationRecord  belongs_to :product  belongs_to :seller  after_create :send_notifications  private  def send_notifications    # Sends notification about product to customers.  endendclass Seller < ApplicationRecord  has_many :productsend

This creates a notification record every time we launch a product.

>> Notification.count=> 0>> seller = Seller.last=> <Seller id: 6, name: "John">>> product = seller.products.create(name: 'baseball hat')=> <Product id: 4, name: "baseball hat", seller_id: 6>>> product.launch!>> Notification.count=> 1

Now, we have a situation where we need to launch a product but we don't want tosend notifications about it.

Before Rails 5, this was possible only by adding more conditions.

ActiveRecord::Base.Suppress in Rails 5

In Rails 5, we can use ActiveRecord::Base.suppress method to suppress creatingof notifications as shown below.

class Product < ApplicationRecord  def launch_without_notifications    Notification.suppress do      launch!    end  endend>> Notification.count=> 0>> product = Product.create!(name: 'tennis hat')=> <Event id: 1, name: "tennis hat">>> product.launch_without_notifications>> Notification.count=> 0

As we can see, no new notifications were created when product is launched insideNotification.suppress block.

Checkout the pull request to gainbetter understanding of how suppress works.

# index.html.erb<%= render partial: 'todo', collection: @todos %># _todo.html.erb<% cache todo do %>  <%= todo.name %><% end %>

In the above case Rails will do one fetch from the cache for each todo.

Fetch is usually pretty fast with any caching solution, however, one fetch pertodo can make the app slow.

Gem multi_fetch_fragments fixedthis issue by usingread_multiapi provided by Rails.

In a single call to cache, this gem fetches all the cache fragments for acollection. The author of the gem saw78% speed improvementby using this gem.

The features of this gemhave been folded into Rails 5.

To get benefits of collection caching, just add cached: true as shown below.

# index.html.erb<%= render partial: 'todo', collection: @todos, cached: true %># _todo.html.erb<% cache todo do %>  <%= todo.name %><% end %>

With cached: true present, Rails will use read_multi to the cache storeinstead of reading from it every partial.

Rails will also log cache hits in the logs as below.

  Rendered collection of todos/_todo.html.erb [100 / 100 cache hits] (339.5ms)

Checkout the pull request to gainbetter understanding about how collection caching works.

Strong v/s Weak ETags

ETag supportsstrong and weak validationof the resource.

Strong ETag indicates that resource content is same for response body and theresponse headers.

Weak ETag indicates that the two representations are semantically equivalent. Itcompares only the response body.

Weak ETags areprefixed withW\ and thus one can easily distinguish between Weak ETags and Strong ETags.

"543b39c23d8d34c232b457297d38ad99"     Strong ETagW/"543b39c23d8d34c232b457297d38ad99"   Weak ETag

W3 hasan example pageto illustrate how ETag matching works.

When server receives a request, it returns an ETag header as part of HTTPresponse. This ETag represents state of the resource. For the subsequent HTTPrequests, client sends this ETag via If-None-Match header to identify if theresource is changed or not. The server will compare the current ETag and the onesent by the client. If ETag matches, server responds with 304 Not modified.This means resource content in the client's cache is up-to-date. If resource ischanged, server will send updated resource along with the new ETag.

Let's see it in action.

ETags in Rails 4.x

Rails 4.x generates strong ETags by default i.e without W/ prefix.

class ItemsController < ApplicationController  def show    @item = Item.find(params[:id])    fresh_when @item  endend

We are making first request to the server.

$ curl -i http://localhost:3000/items/1HTTP/1.1 200 OKX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockX-Content-Type-Options: nosniffEtag: "618bbc92e2d35ea1945008b42799b0e7"Last-Modified: Sat, 30 Jan 2016 08:02:12 GMTContent-Type: text/html; charset=utf-8Cache-Control: max-age=0, private, must-revalidateX-Request-Id: 98359119-14ae-4e4e-8174-708abbc3fd4bX-Runtime: 0.412232Server: WEBrick/1.3.1 (Ruby/2.2.2/2015-04-13)Date: Fri, 04 Mar 2016 10:50:38 GMTContent-Length: 1014Connection: Keep-Alive

For the next request, we will send ETag that was sent by the sever. And noticethat server returns 304 Not Modified.

$ curl -i -H 'If-None-Match: "618bbc92e2d35ea1945008b42799b0e7"' http://localhost:3000/items/1HTTP/1.1 304 Not ModifiedX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockX-Content-Type-Options: nosniffEtag: "618bbc92e2d35ea1945008b42799b0e7"Last-Modified: Sat, 30 Jan 2016 08:02:12 GMTCache-Control: max-age=0, private, must-revalidateX-Request-Id: e4447f82-b96c-4482-a5ff-4f5003910c18X-Runtime: 0.012878Server: WEBrick/1.3.1 (Ruby/2.2.2/2015-04-13)Date: Fri, 04 Mar 2016 10:51:22 GMTConnection: Keep-Alive

Rails 5 sets Weak ETags by default

In Rails 5, all ETags generated by Rails will beweak by default.

$ curl -i http://localhost:3000/items/1HTTP/1.1 200 OKX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockX-Content-Type-Options: nosniffEtag: W/"b749c4dd1b20885128f9d9a1a8ba70b6"Last-Modified: Sat, 05 Mar 2016 00:00:00 GMTContent-Type: text/html; charset=utf-8Cache-Control: max-age=0, private, must-revalidateX-Request-Id: a24b986c-74f0-4e23-9b1d-0b52cb3ef906X-Runtime: 0.038372Server: WEBrick/1.3.1 (Ruby/2.2.3/2015-08-18)Date: Fri, 04 Mar 2016 10:48:35 GMTContent-Length: 1906Connection: Keep-Alive

Now for the second request, server will return 304 Not Modified response asbefore, but the ETag is weak ETag.

$ curl -i -H 'If-None-Match: W/"b749c4dd1b20885128f9d9a1a8ba70b6"' http://localhost:3000/items/1HTTP/1.1 304 Not ModifiedX-Frame-Options: SAMEORIGINX-Xss-Protection: 1; mode=blockX-Content-Type-Options: nosniffEtag: W/"b749c4dd1b20885128f9d9a1a8ba70b6"Last-Modified: Sat, 05 Mar 2016 00:00:00 GMTCache-Control: max-age=0, private, must-revalidateX-Request-Id: 7fc8a8b9-c7ff-4600-bf9b-c847201973ccX-Runtime: 0.005469Server: WEBrick/1.3.1 (Ruby/2.2.3/2015-08-18)Date: Fri, 04 Mar 2016 10:49:27 GMTConnection: Keep-Alive

Why this change?

Rails does not perform strong validation of ETags as implied by strong ETagsspec. Rails just checks whether the incoming ETag from the request headersmatches with the ETag of the generated response. It does not do byte by bytecomparison of the response.

This was true even before Rails 5. So this change is more of a coursecorrection. Rack alsogenerates weak ETags by defaultbecause of similar reasons.

Mark Notthingham is chair ofHTTP Working Group and hehas written about etags which hassome useful links to other ETag resources.

How to use strong ETags in Rails 5

If we want to bypass default Rails 5 behavior to use strong ETags then we can doby following way.

class ItemsController < ApplicationController  def show    @item = Item.find(params[:id])    fresh_when strong_etag: @item  endend

This will generate strong Etag i.e without W/ prefix.

Rails makes it very easy to filter such data. Just add following line inapplication.rb to filter sensitive information.

config.filter_parameters += [:password]

Now the log file will show [FILTERED] instead of real password value.

This replacement of password with [FILTERED] is done recursively.

{user_name: "john", password: "123"}{user: {name: "john", password: "123"}}{user: {auth: {id: "john", password: "123"}}}

In all the above cases, "123" would be replaced by "[FILTERED]".

Now think of a situation where we do not want to filter all the occurrence of akey. Here is an example.

{credit_card: {number: "123456789", code: "999"}}{user_preference: {color: {name: "Grey", code: "999999"}}}

We definitely want to filter [:credit_card][:code] but we want[:color][:code] to show up in the log file.

This can be achieved in Rails 5.

The application.rb changes from

config.filter_parameters += ["code"]

to

config.filter_parameters += ["credit_card.code"]

In this case so long as parent of code is credit_card Rails will filter thedata.

Sometimes, we have static pages that never/rarely change.

# app/controllers/home_controller.rbclass HomeController < ApplicationController  def index    render  endend# app/views/home/index.html.erb<h1>Welcome</h1>

Let's see log for the above action.

Processing by HomeController#index as HTML  Rendered home/index.html.erb within layouts/application (1.3ms)Completed 200 OK in 224ms (Views: 212.4ms | ActiveRecord: 0.0ms) And so on for every request for this action.

There is no change in the response and still we are rendering same thing againand again and again.

Rails 5 introduces http_cache_forever

When response does not change then we want browsers and proxies to cache it fora long time.

Method http_cache_forever allows us to set response headers to tell browsersand proxies that response has not modified.

# app/controllers/home_controller.rbclass HomeController < ApplicationController  def index    http_cache_forever(public: true) {}  endend# ORclass HomeController < ApplicationController  def index    http_cache_forever(public: true) do      render    end  endend# app/views/home/index.html.erb<h1>Welcome</h1>

Now let's look at the log for the modified code.

# When request is made for the first time.Processing by HomeController#index as HTML  Rendered home/index.html.erb within layouts/application (1.3ms)Completed 200 OK in 224ms (Views: 212.4ms | ActiveRecord: 0.0ms)# For consecutive requests for the same pageProcessing by HomeController#index as HTMLCompleted 304 Not Modified in 2ms (ActiveRecord: 0.0ms)

On first hit, we serve the request normally but, then on each subsequent requestcache is revalidated and a "304 Not Modified" response is sent to the browser.

Options with http_cache_forever

By default, HTTP responses are cached only on the user's web browser. To allowproxies to cache the response, we can set public to true to indicate that theycan serve the cached response.

Use http_cache_forever with caution

By using this method, Cache-Control: max-age=3155760000 is set as responseheader and browser/proxy won't revalidate the resource back to the server unlessforce reload is done.

In case force reload is done, Cache-Control: max-age=0 is set as requestheader.

In this case, browser will receive the changed resource whether ETag is changedor not.

http_cache_forever is literally going to set the headers to cache it for 100years and developers would have to take extra steps to revalidate it. So, thisshould be used with extra care.

This is fine for normal HTML requests. But traditionally, Rails always returnedwith HTML response for exceptions for all requests, including JSON on XMLrequests in development.

We can now generate API only apps in Rails 5. In case of such apps, it's betterto have the error message in the format in which request was made. Having anHTML response for a JSON endpoint like http://localhost:3000/posts.json is notgoing to help in debugging why the exception happened.

New config option debug_exception_response_format

Rails 5 has introducednew configuration to respond withproper format for exceptions.

# config/environments/development.rbconfig.debug_exception_response_format = :api

Let's see an example of the response received with this configuration.

$ curl localhost:3000/posts.json{"status":404,"error":"Not Found","exception":"#\u003cActionController::RoutingError: No route matches [GET] \"/posts.json\"\u003e","traces":{"Application Trace":[...],"Framework Trace":[...]}}

The status key will represent HTTP status code and error key will representthe corresponding Rack HTTP status.

exception will print the output of actual exception in inspect format.

traces will contain application and framework traces similar to how they aredisplayed in HTML error page.

By default, config.debug_exception_response_format is set to :api so as torender responses in the same format as requests.

If you want the original behavior of rendering HTML pages, you can configurethis option as follows.

# config/environments/development.rbconfig.debug_exception_response_format = :default

Here is an example.

# In test helperdef file_data(name)  File.read(Rails.root.to_s + "/tests/support/files/#{name}")end# In testclass PostsControllerTest < ActionDispatch::IntegrationTest  setup do    @post = posts(:one)  end  test "should get index" do    get posts_url, format: :json    assert_equal file_data('posts.json'), response.body  endend

File Fixtures in Rails 5

In Rails 5, we can now organize such test files as fixtures.

Newly generated Rails 5 applications, will have directory test/fixtures/filesto store such test files.

These test files can be accessed using file_fixture helper method in tests.

require 'test_helper'class PostsControllerTest < ActionDispatch::IntegrationTest  setup do    @post = posts(:one)  end  test "should get index" do    get posts_url, format: :json    assert_equal response.body, file_fixture('posts.json').read  endend

The file_fixture method returns Pathname object, so it's easy to extractfile specific information.

file_fixture('posts.json').readfile_fixture('song.mp3').size

Case I

In Rails 4.x command

rails g model User name:string

will generate migration as shown below.

class CreateUsers < ActiveRecord::Migration  def change    create_table :users do |t|      t.string :name      t.timestamps null: false    end  endend

In Rails 5 the same command will generate following migration.

class CreateUsers < ActiveRecord::Migration[5.0]  def change    create_table :users do |t|      t.string :name      t.timestamps    end  endend

Let's see the generated schema after running migration generated in Rails 5.

sqlite> .schema usersCREATE TABLE "users" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "name" varchar, "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL);sqlite>

Rails 5 added the NOT NULL constraints on the timestamps columns even thoughnot null constraint was not specified in the migration.

Case II

Let's look at another example.

In Rails 4.x command

rails g model Task user:references

would generate following migration.

class CreateTasks < ActiveRecord::Migration  def change    create_table :tasks do |t|      t.references :user, index: true, foreign_key: true      t.timestamps null: false    end  endend

In Rails 5.0, same command will generate following migration.

class CreateTasks < ActiveRecord::Migration[5.0]  def change    create_table :tasks do |t|      t.references :user, foreign_key: true      t.timestamps    end  endend

There is no mention of index: true in the above migration. Let's see thegenerated schema after running Rails 5 migration.

sqlite> .schema tasksCREATE TABLE "tasks" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL, "user_id" integer, "created_at" datetime NOT NULL, "updated_at" datetime NOT NULL);CREATE INDEX "index_tasks_on_user_id" ON "tasks" ("user_id");

As you can see, an index on user_id column is added even though it's notpresent in the migration.

Migration API has changed in Rails 5

Rails 5 has changed migration API because of which even though null: falseoptions is not passed to timestamps when migrations are run then not null isautomatically addedfor timestamps.

Similarly, we want indexes for referenced columns in almost all cases. So Rails5 does not need references to have index: true. When migrations are run thenindex is automatically created.

Now let's assume that an app was created in Rails 4.x. It has a bunch ofmigrations. Later the app was upgraded to Rails 5. Now when older migrations arerun then those migrations will behave differently and will create a differentschema file. This is a problem.

Solution is versioned migrations.

Versioned migrations in Rails 5

Let's look at the migration generated in Rails 5 closely.

class CreateTasks < ActiveRecord::Migration[5.0]  def change    create_table :tasks do |t|      t.references :user, index: true, foreign_key: true      t.timestamps null: false    end  endend

In this case CreateUsers class is now inheriting fromActiveRecord::Migration[5.0] instead of ActiveRecord::Migration.

Here [5.0] is Rails version that generated this migration.

Solving the issue with older migrations

Whenever Rails 5 runs migrations, it checks the class of the current migrationfile being run. If it's 5.0, it uses the new migration API which has changeslike automatically adding null: false to timestamps.

But whenever the class of migration file is other thanActiveRecord::Migration[5.0], Rails will use a compatibility layer ofmigrations API. Currently thiscompatibility layeris present for Rails 4.2. What it means is that all migration generated prior tousage of Rails 5 will be treated as if they were generate in Rails 4.2.

You will also see adeprecation warningasking user to add the version of the migration to the class name for oldermigrations.

So if you are migrating a Rails 4.2 app, all of your migrations will have classActiveRecord::Migration. If you run those migrations in Rails 5, you will seea warning asking to add version name to the class name so that class name lookslike ActiveRecord::Migration[4.2].

However sometimes we get ActionController::RedirectBackError exception whenHTTP_REFERER is not present.

class PostsController < ApplicationController  def publish    post = Post.find params[:id]    post.publish!    redirect_to :back  endend

This works well when HTTP_REFERER is present and it redirects to previouspage.

Issue comes up when HTTP_REFERER is not present and which in turn throwsexception.

To avoid this exception we can use rescue and redirect to root url.

class PostsController < ApplicationController  rescue_from ActionController::RedirectBackError, with: :redirect_to_default  def publish    post = Post.find params[:id]    post.publish!    redirect_to :back  end  private  def redirect_to_default    redirect_to root_path  endend

Improvement in Rails 5

In Rails 5, redirect_to :back has been deprecated and insteada new method has been added calledredirect_back.

To deal with the situation when HTTP_REFERER is not present, it takes requiredoption fallback_location.

class PostsController < ApplicationController  def publish    post = Post.find params[:id]    post.publish!    redirect_back(fallback_location: root_path)  endend

This redirects to HTTP_REFERER when it is present and when HTTP_REFERER isnot present then redirects to whatever is passed as fallback_location.

Rails provides deliver_later method to enqueue mailer jobs.

class UserMailer < ApplicationMailer  def send_notification(user)    @user = user    mail(to: user.email)  endend> UserMailer.send_notification(user).deliver_later=> <ActionMailer::DeliveryJob:0x007ff602dd3128 @arguments=["UserMailer", "send_notification", "deliver_now", <User id: 1, name: "John", email: "john@bigbinary.com">], @job_id="d0171da0-86d3-49f4-ba03-37b37d4e8e2b", @queue_name="mailers", @priority=nil>

Note that the task of delivering email was put in queue called mailers.

In Rails 4.x, all background jobs are given queue named "default" except formailers. All outgoing mails are given the queue named "mailers" and we do nothave the option of changing this queue name from "mailers" to anything else.

Since Rails 4.x comes with minimum of two queues it makes difficult to usequeuing services like que which relies onapplications having only one queue.

Customizing queue name in Rails 5

In Rails 5, we can nowchange queue name for mailer jobsusing following configuration.

config.action_mailer.deliver_later_queue_name = 'default'class UserMailer < ApplicationMailer  def send_notification(user)    @user = user    mail(to: user.email)  endend2.2.2 :003 > user = User.last=> <User id: 6, name: "John", email: "john@bigbinary.com">2.2.2 :004 > UserMailer.send_notification(user).deliver_later=> <ActionMailer::DeliveryJob:0x007fea2182b2d0 @arguments=["UserMailer", "send_notification", "deliver_now", <User id: 1, name: "John", email: "john@bigbinary.com">], @job_id="316b00b2-64c8-4a2d-8153-4ce7abafb28d", @queue_name="default", @priority=nil>

Adding precision to migration

To add precision on datetime column we need to add limit option to it. Bydefault it is set to 0.

def change  add_column :users, :last_seen_at, :datetime, limit: 6end

This adds precision(6) to last_seen_at column in users table.

Rails 4.x behavior

Let's look at the some of the examples with different precision values.

The task here is to set end_of_day value to updated_at column.

With precision set to 6

user = User.firstuser.updated_at=> Mon, 18 Jan 2016 10:13:10 UTC +00:00user.updated_at = user.updated_at.end_of_day=> Mon, 18 Jan 2016 23:59:59 UTC +00:00user.save'UPDATE `users` SET `updated_at` = '2016-01-18 23:59:59.999999' WHERE `users`.`id` = 1'user.updated_at=> Mon, 18 Jan 2016 23:59:59 UTC +00:00user.reloaduser.updated_at=> Mon, 18 Jan 2016 23:59:59 UTC +00:00

Everything looks good here.

But let's look at what happens when precision is set to 0.

With precision set to 0

user = User.firstuser.updated_at=> Mon, 18 Jan 2016 10:13:10 UTC +00:00user.updated_at = user.updated_at.end_of_day=> Mon, 18 Jan 2016 23:59:59 UTC +00:00user.save'UPDATE `users` SET `updated_at` = '2016-01-18 23:59:59.999999' WHERE `users`.`id` = 1'user.updated_at=> Mon, 18 Jan 2016 23:59:59 UTC +00:00

So far everything looks good here too. Now let's see what happens when we reloadthis object.

user.reloaduser.updated_at=> Tue, 19 Jan 2016 00:00:00 UTC +00:00

As we can clearly see after the reload updated_at value has been rounded offfrom 2016-01-18 23:59:59.999999 to 2016-01-19 00:00:00. It might seem like asmall issue but notice that date has changed from 01/18 to 01/19 because ofthis rounding.

Improvement in Rails 5

Rails team fixed this issue by removing fractional part if mysql adapter doesnot support precision.

Here are the two relevant commits to this change.

• Commit for support of precision with mysql

• Commit for checking precision on columns

With precision set to 0

user.updated_at=> Tue, 19 Jan 2016 00:00:00 UTC +00:00user.updated_at = user.updated_at.tomorrow.beginning_of_day - 1=> Tue, 19 Jan 2016 23:59:59 UTC +00:00user.save'UPDATE `users` SET `updated_at` = '2016-01-19 23:59:59' WHERE `users`.`id` = 1'user.reloaduser.updated_at=> Tue, 19 Jan 2016 23:59:59 UTC +00:00

If precision is not set then fractional part gets stripped and date is notchanged.

Improvements in Date, Time and Datetime

prev_day and next_day

As the name of the methods suggests, next_dayreturns next calendar date.

Similarly, prev_day returns previous calendar date.

Time.current=> Fri, 12 Feb 2016 08:53:31 UTC +00:00Time.current.next_day=> Sat, 13 Feb 2016 08:53:31 UTC +00:00Time.current.prev_day=> Thu, 11 Feb 2016 08:53:31 UTC +00:00

Support for same_time option to next_week and prev_week

In Rails 4.x next_week returns beginning of next week and prev_week returnsbeginning of previous week.

In Rails 4.x these two methods also accept week day as a parameter.

Time.current=> Fri, 12 Feb 2016 08:53:31 UTC +00:00Time.current.next_week=> Mon, 15 Feb 2016 00:00:00 UTC +00:00Time.current.next_week(:tuesday)=> Tue, 16 Feb 2016 00:00:00 UTC +00:00Time.current.prev_week(:tuesday)=> Tue, 02 Feb 2016 00:00:00 UTC +00:00

By using week day as parameter we can get the date one week from now but thereturned date is still the beginning of that date. How do we get one week fromthe current time.

Rails 5 add an additional option same_time: true to solve this problem.

Using this option, we can now get next week date from the current time.

Time.current=> Fri, 12 Feb 2016 09:15:10 UTC +00:00Time.current.next_week=> Mon, 15 Feb 2016 00:00:00 UTC +00:00Time.current.next_week(same_time: true)=> Mon, 15 Feb 2016 09:15:20 UTC +00:00Time.current.prev_week=> Mon, 01 Feb 2016 00:00:00 UTC +00:00Time.current.prev_week(same_time: true)=> Mon, 01 Feb 2016 09:16:50 UTC +00:00

on_weekend?

This method returns true if the receiving date/time is a Saturday or Sunday.

Time.current=> Fri, 12 Feb 2016 09:47:40 UTC +00:00Time.current.on_weekend?=> falseTime.current.tomorrow=> Sat, 13 Feb 2016 09:48:47 UTC +00:00Time.current.tomorrow.on_weekend?=> true

on_weekday?

This method returns true if the receiving date/time is not a Saturday orSunday.

Time.current=> Fri, 12 Feb 2016 09:47:40 UTC +00:00Time.current.on_weekday?=> trueTime.current.tomorrow=> Sat, 13 Feb 2016 09:48:47 UTC +00:00Time.current.tomorrow.on_weekday?=> false

next_weekday and prev_weekday

next_weekday returns next day that is not a weekend.

Similarly, prev_weekday returns last day that is not a weekend.

Time.current=> Fri, 12 Feb 2016 09:47:40 UTC +00:00Time.current.next_weekday=> Mon, 15 Feb 2016 09:55:14 UTC +00:00Time.current.prev_weekday=> Thu, 11 Feb 2016 09:55:33 UTC +00:00

Time.days_in_year

# Gives number of days in current year, if year is not passed.Time.days_in_year=> 366# Gives number of days in specified year, if year is passed.Time.days_in_year(2015)=> 365

Improvements in Enumerable

pluck

pluck method is now added toEnumerable objects.

users = [{id: 1, name: 'Max'}, {id: 2, name: 'Mark'}, {id: 3, name: 'George'}]users.pluck(:name)=> ["Max", "Mark", "George"]# Takes multiple arguments as wellusers.pluck(:id, :name)=> [[1, "Max"], [2, "Mark"], [3, "George"]]

one great improvement in ActiveRecord due to this method addition is that whenrelation is already loaded then instead of firing query with pluck, it usesEnumerable#pluck to get data.

# In Rails 4.xusers = User.allSELECT `users`.* FROM `users`users.pluck(:id, :name)SELECT "users"."id", "users"."name" FROM "users"=> [[2, "Max"], [3, "Mark"], [4, "George"]]# In Rails 5users = User.allSELECT "users".* FROM "users"# does not fire any queryusers.pluck(:id, :name)=> [[1, "Max"], [2, "Mark"], [3, "George"]]

without

This method returns a copy ofenumerable without the elements passed to the method.

vehicles = ['Car', 'Bike', 'Truck', 'Bus']vehicles.without("Car", "Bike")=> ["Truck", "Bus"]vehicles = {car: 'Hyundai', bike: 'Honda', bus: 'Mercedes', truck: 'Tata'}vehicles.without(:bike, :bus)=> {:car=>"Hyundai", :truck=>"Tata"}

Array#second_to_last and Array#third_to_last

['a', 'b', 'c', 'd', 'e'].second_to_last=> "d"['a', 'b', 'c', 'd', 'e'].third_to_last=> "c"

PR for these methods can be foundhere.

Integer#positive? and Integer#negative?

positive? returns true if integer is positive.

negative? returns true if integer is negative.

4.positive?=> true4.negative?=> false-4.0.positive?=> false-4.0.negative?=> true

Commit for these methods can be foundhere.

These changes have now beenadded to Ruby 2.3also.

Array#inquiry

Rails team hasaddedArrayInquirer to ActiveSupport which gives a friendlier way to check itscontents.

Array#inquiry is a shortcut for wrapping the receiving array in anArrayInquirer

users = [:mark, :max, :david]array_inquirer1 = ActiveSupport::ArrayInquirer.new(users)# creates ArrayInquirer object which is same as array_inquirer1 abovearray_inquirer2 = users.inquiryarray_inquirer2.class=> ActiveSupport::ArrayInquirer# provides methods like:array_inquirer2.mark?=> truearray_inquirer2.john?=> falsearray_inquirer2.any?(:john, :mark)=> truearray_inquirer2.any?(:mark, :david)=> truearray_inquirer2.any?(:john, :louis)=> false

$ rake routesPrefix       Verb   URI Pattern                   Controller#Actionwishlist_user GET    /users/:id/wishlist(.:format) users#wishlist        users GET    /users(.:format)              users#index              POST   /users(.:format)              users#create     new_user GET    /users/new(.:format)          users#new    edit_user GET    /users/:id/edit(.:format)     users#edit         user GET    /users/:id(.:format)          users#show              PATCH  /users/:id(.:format)          users#update              PUT    /users/:id(.:format)          users#update              DELETE /users/:id(.:format)          users#destroy     products GET    /products(.:format)           products#index              POST   /products(.:format)           products#createand so on ......

This list can be lengthy and it could be difficult to locate exactly what useris looking for.

Ways to search specific routes prior to Rails 5

To see only specific routes we can use commands like grep.

$ rake routes | grep productsPrefix       Verb   URI Pattern                   Controller#Actionproducts      GET    /products(.:format)           products#index              POST   /products(.:format)           products#create

Options with Rails 5

Rails 5 has added options inrails routes to perform pattern matching on routes.

Controller specific search

Use option -c to search for routes related to controller. Also remember thatRails does case insensitive search. So rails routes -c users is same asrails routes -c Users.

# Search for Controller name$ rails routes -c users       Prefix Verb   URI Pattern                   Controller#Actionwishlist_user GET    /users/:id/wishlist(.:format) users#wishlist        users GET    /users(.:format)              users#index              POST   /users(.:format)              users#create# Search for namespaced Controller name.$ rails routes -c admin/users         Prefix Verb   URI Pattern                     Controller#Action    admin_users GET    /admin/users(.:format)          admin/users#index                POST   /admin/users(.:format)          admin/users#create# Search for namespaced Controller name.$ rails routes -c Admin::UsersController         Prefix Verb   URI Pattern                     Controller#Action    admin_users GET    /admin/users(.:format)          admin/users#index                POST   /admin/users(.:format)          admin/users#create

Pattern specific search

Use -g option to dogeneral purpose pattern matching.This results in any routes that partially matches Prefix, Controller#Action orthe URI pattern.

# Search with pattern$ rails routes -g wishlist       Prefix Verb URI Pattern                   Controller#Actionwishlist_user GET  /users/:id/wishlist(.:format) users#wishlist# Search with HTTP Verb$ rails routes -g POST    Prefix Verb URI Pattern            Controller#Action           POST /users(.:format)       users#create           POST /admin/users(.:format) admin/users#create           POST /products(.:format)    products#create# Search with URI pattern$ rails routes -g admin       Prefix Verb   URI Pattern                     Controller#Action  admin_users GET    /admin/users(.:format)          admin/users#index              POST   /admin/users(.:format)          admin/users#create

Note that using CONTROLLER=some_controller has now been deprecated. This had thesame effect as searching for a controller specific route.

It triggers validation error if associated record is not present.

class User < ApplicationRecordendclass Post < ApplicationRecord  belongs_to :userendpost = Post.create(title: 'Hi')=> <Post id: nil, title: "Hi", user_id: nil, created_at: nil, updated_at: nil>post.errors.full_messages.to_sentence=> "User must exist"

As we can see, we can't create any post record without having an associateduser record.

How to achieve this behavior before Rails 5

In Rails 4.x world To add validation on belongs_to association, we need to addoption required: true .

class User < ApplicationRecordendclass Post < ApplicationRecord  belongs_to :user, required: trueendpost = Post.create(title: 'Hi')=> <Post id: nil, title: "Hi", user_id: nil, created_at: nil, updated_at: nil>post.errors.full_messages.to_sentence=> "User must exist"

By default, required option is set to false.

Opting out of this default behavior in Rails 5

We can pass optional: true to the belongs_to association which would removethis validation check.

class Post < ApplicationRecord  belongs_to :user, optional: trueendpost = Post.create(title: 'Hi')=> <Post id: 2, title: "Hi", user_id: nil>

But, what if we do not need this behavior anywhere in our entire application andnot just a single model?

Opting out of this default behavior for the entire application

New Rails 5 application comes with an initializer namednew_framework_defaults.rb.

When upgrading from older version of Rails to Rails 5, we can add thisinitializer by running bin/rails app:update task.

This initializer has config namedRails.application.config.active_record.belongs_to_required_by_default = true

For new Rails 5 application the value is set to true but for old applications,this is set to false by default.

We can turn off this behavior by keeping the value to false.

Rails.application.config.active_record.belongs_to_required_by_default = falseclass Post < ApplicationRecord  belongs_to :userendpost = Post.create(title: 'Hi')=> <Post id: 3, title: "Hi", user_id: nil, created_at: "2016-02-11 12:36:05", updated_at: "2016-02-11 12:36:05">

class Order < ActiveRecord::Base  before_save :set_eligibility_for_rebate  before_save :ensure_credit_card_is_on_file  def set_eligibility_for_rebate    self.eligibility_for_rebate ||= false  end  def ensure_credit_card_is_on_file    puts "check if credit card is on file"  endendOrder.create!=> ActiveRecord::RecordNotSaved: ActiveRecord::RecordNotSaved

In this case the code is attempting to set the value of eligibility_for_rebateto false. However the side effect of the way Rails callbacks work is that thecallback chain will be halted simply because one of the callbacks returnedfalse.

Right now, to fix this we need to return true from before_ callbacks, sothat callbacks are not halted.

Improvements in Rails 5

Rails 5 fixed this issue by addingthrow(:abort) to explicitly halt callbacks.

Now, if any before_ callback returns false then callback chain is nothalted.

class Order < ActiveRecord::Base  before_save :set_eligibility_for_rebate  before_save :ensure_credit_card_is_on_file  def set_eligibility_for_rebate    self.eligibility_for_rebate ||= false  end  def ensure_credit_card_is_on_file    puts "check if credit card is on file"  endendOrder.create!=> check if credit card is on file=> <Order id: 4, eligibility_for_rebate: false>

To explicitly halt the callback chain, we need to use throw(:abort).

class Order < ActiveRecord::Base  before_save :set_eligibility_for_rebate  before_save :ensure_credit_card_is_on_file  def set_eligibility_for_rebate    self.eligibility_for_rebate ||= false    throw(:abort)  end  def ensure_credit_card_is_on_file    puts "check if credit card is on file"  endendOrder.create!=> ActiveRecord::RecordNotSaved: Failed to save the record

Opting out of this behavior

The new Rails 5 application comes up with initializer namedcallback_terminator.rb.

ActiveSupport.halt_callback_chains_on_return_false = false

By default the value is to set to false.

We can turn off this default behavior by changing this configuration to true.However then Rails shows deprecation warning when false is returned fromcallback.

ActiveSupport.halt_callback_chains_on_return_false = trueclass Order < ApplicationRecord  before_save :set_eligibility_for_rebate  before_save :ensure_credit_card_is_on_file  def set_eligibility_for_rebate    self.eligibility_for_rebate ||= false  end  def ensure_credit_card_is_on_file    puts "check if credit card is on file"  endend=> DEPRECATION WARNING: Returning `false` in Active Record and Active Model callbacks will not implicitly halt a callback chain in the next release of Rails. To explicitly halt the callback chain, please use `throw :abort` instead.ActiveRecord::RecordNotSaved: Failed to save the record

How older applications will work with this change?

The initializer configuration will be present only in newly generated Rails 5apps.

If you are upgrading from an older version of Rails, you can add thisinitializer yourself to enable this change for entire application.

This is a welcome change in Rails 5 which will help prevent accidental haltingof the callbacks.

ActiveRecord::Relation#cache_key

What is collection caching?

Consider the following example where we are fetching a collection of all usersbelonging to city of Miami.

@users = User.where(city: 'miami')

Here @users is a collection of records and is an object of classActiveRecord::Relation.

Whether the result of the above query would be same depends on followingconditions.

• The query statement doesn't change. If we change city name from "Miami" to"Boston" then result might change.
• No record is deleted. The count of records in the collection should be same.
• No record is added. The count of records in the collection should be same.

Rails communityimplemented caching for a collection of records. Method cache_key was added to ActiveRecord::Relation which takes intoaccount many factors including query statement, updated_at column value and thecount of the records in collection.

Understanding ActiveRecord::Relation#cache_key

We have object @users of class ActiveRecord::Relation. Now let's executecache_key method on it.

 @users.cache_key => "users/query-67ed32b36805c4b1ec1948b4eef8d58f-3-20160116111659084027"

Let's try to understand each piece of the output.

users represents what kind of records we are holding. In this example wehave collection of records of class User. Hence users is to illustrate thatwe are holding users records.

query- is hardcoded value and it will be same in all cases.

67ed32b36805c4b1ec1948b4eef8d58f is a digest of the query statement thatwill be executed. In our example it isMD5( "SELECT "users".* FROM "users" WHERE "users"."city" = 'Miami'")

3 is the size of collection.

20160116111659084027 is timestamp of the most recently updated record inthe collection. By default, the timestamp column considered is updated_at andhence the value will be the most recent updated_at value in the collection.

Using ActiveRecord::Relation#cache_key

Let's see how to use cache_key to actually cache data.

In our Rails application, if we want to cache records of users belonging to"Miami" then we can take following approach.

# app/controllers/users_controller.rbclass UsersController < ApplicationController  def index    @users = User.where(city: 'Miami')  endend# users/index.html.erb<% cache(@users) do %>  <% @users.each do |user| %>    <p> <%= user.city %> </p>  <% end %><% end %># 1st HitProcessing by UsersController#index as HTML  Rendering users/index.html.erb within layouts/application   (0.2ms)  SELECT COUNT(*) AS "size", MAX("users"."updated_at") AS timestamp FROM "users" WHERE "users"."city" = ?  [["city", "Miami"]]Read fragment views/users/query-37a3d8c65b3f0f9ece7f66edcdcb10ab-4-20160704131424063322/30033e62b28c83f26351dc4ccd6c8451 (0.0ms)  User Load (0.1ms)  SELECT "users".* FROM "users" WHERE "users"."city" = ?  [["city", "Miami"]]Write fragment views/users/query-37a3d8c65b3f0f9ece7f66edcdcb10ab-4-20160704131424063322/30033e62b28c83f26351dc4ccd6c8451 (0.0ms)Rendered users/index.html.erb within layouts/application (3.7ms)# 2nd HitProcessing by UsersController#index as HTML  Rendering users/index.html.erb within layouts/application   (0.2ms)  SELECT COUNT(*) AS "size", MAX("users"."updated_at") AS timestamp FROM "users" WHERE "users"."city" = ?  [["city", "Miami"]]Read fragment views/users/query-37a3d8c65b3f0f9ece7f66edcdcb10ab-4-20160704131424063322/30033e62b28c83f26351dc4ccd6c8451 (0.0ms)  Rendered users/index.html.erb within layouts/application (3.0ms)

From above, we can see that for the first hit, a count query is fired to getthe latest updated_at and size from the users collection.

Rails will write a new cache entry with a cache_key generated from abovecount query.

Now on second hit, it again fires count query and checks if cache_key for thisquery exists or not.

If cache_key is found, it loads data without firing SQL query.

What if your table doesn't have updated_at column?

Previously we mentioned that cache_key method uses updated_at column.cache_key also provides an option of passing custom column as a parameter andthen the highest value of that column among the records in the collection willbe considered.

For example if your business logic considers a column named last_bought_at inproducts table as a factor to decide caching, then you can use the followingcode.

 products = Product.where(category: 'cars') products.cache_key(:last_bought_at) => "products/query-211ae6b96ec456b8d7a24ad5fa2f8ad4-4-20160118080134697603"

Edge cases to watch out for

Before you start using cache_key there are some edge cases to watch out for.

Consider you have an application where there are 5 entries in users table withcity Miami.

Using limit puts incorrect size in cache key if collection is not loaded.

If you want to fetch three users belonging to city "Miami" then you wouldexecute following query.

 users = User.where(city: 'Miami').limit(3) users.cache_key => "users/query-67ed32b36805c4b1ec1948b4eef8d58f-3-20160116144936949365"

Here users contains only three records and hence the cache_key has 3 for sizeof collection.

Now let's try to execute same query without fetching the records first.

 User.where(name: 'Sam').limit(3).cache_key => "users/query-8dc512b1408302d7a51cf1177e478463-5-20160116144936949365"

You can see that the count in the cache is 5 this time even though we have set alimit to 3. This is because the implementation ofActiveRecord::Base#collection_cache_keyexecutes query without limitto fetch the size of the collection.

Cache key doesn't change when an existing record from a collection is replaced

I want 3 users in the descending order of ids.

 users1 = User.where(city: 'Miami').order('id desc').limit(3) users1.cache_key => "users/query-57ee9977bb0b04c84711702600aaa24b-3-20160116144936949365"

Above statement will give us users with ids [5, 4, 3].

Now let's remove the user with id = 3.

 User.find(3).destroy users2 = User.where(first_name: 'Sam').order('id desc').limit(3) users2.cache_key => "users/query-57ee9977bb0b04c84711702600aaa24b-3-20160116144936949365"

Note that cache_key both users1 and users2 is exactly same. This isbecause none of the parameters that affect the cache key is changed i.e.,neither the number of records, nor the query statement, nor the timestamp of thelatest record.

There is a discussion undergoingabout adding ids of the collection records as part of the cache key. This mighthelp solve the problems discussed above.

Using group query gives incorrect size in the cache key

Just like limit case discussed above cache_key behaves differently when datais loaded and when data is not loaded in memory.

Let's say that we have two users with first_name "Sam".

First let's see a case where collection is not loaded in memory.

 User.select(:first_name).group(:first_name).cache_key => "users/query-92270644d1ec90f5962523ed8dd7a795-1-20160118080134697603"

In the above case, the size is 1 in cache_key. For the system mentioned above,the sizes that you will get shall either be 1 or 5. That is, it is size of anarbitrary group.

Now let's see when collection is first loaded.

 users = User.select(:first_name).group(:first_name) users.cache_key => "users/query-92270644d1ec90f5962523ed8dd7a795-2-20160118080134697603"

In the above case, the size is 2 in cache_key. You can see that the count inthe cache key here is different compared to that where the collection wasunloaded even though the query output in both the cases will be exactly same.

In case where the collection is loaded, the size that you get is equal to thetotal number of groups. So irrespective of what the records in each group are,we may have possibility of having the same cache key value.

config.action_controller.perform_caching = false

After changing the value from false to true, I need to restart the server.

This means that if I am testing caching behavior locally then every time I turncaching "on" or "off" I need to restart the server.

New command to create development cache in Rails 5

Rails 5 has introduced a new command to create development cache and help ustest how caching behaves in development mode. Here is theissue and here is thepull request.

$ rails dev:cacheDevelopment mode is now being cached.

Execution of the above command creates file caching-dev.txt in tmpdirectory.

How does it work?

In Rails 5 when a brand new Rails app is created thenconfig/environments/development.rb file will have the following snippet ofcode.

if Rails.root.join('tmp/caching-dev.txt').exist?  config.action_controller.perform_caching = true  config.static_cache_control = "public, max-age=172800"  config.cache_store = :mem_cache_storeelse  config.action_controller.perform_caching = false  config.cache_store = :null_storeend

In the above code we are checking if the file tmp/caching-dev.txt is presentand then use :mem_cache_store to enable caching only if the file is found.

Also, here is a snippet from thedev cache source code.

def dev_cache  if File.exist? 'tmp/caching-dev.txt'    File.delete 'tmp/caching-dev.txt'    puts 'Development mode is no longer being cached.'  else    FileUtils.touch 'tmp/caching-dev.txt'    puts 'Development mode is now being cached.'  end  FileUtils.touch 'tmp/restart.txt'end

What is the advantage

The advantage is that we do not need to restart the server manually if we wantto turn caching "on" or "off". It is internally taken care by the dev_cachemethod that is executed when rails dev:cache is executed. You can see in thesource code that tmp/restart.txt is being touched.

Please note that this feature is not supported by unicorn, thin and webrick.My guess is that DHH wants this feature because his team uses pow and powrestarts when tmp/restart.txt is touched. He also created an issue forspring to watch tmp/restart.txtlong time back.

Disabling development cache

Execute the same command that was used to enable caching. If caching waspreviously enabled then it will be turned "off" now.

$ rails dev:cacheDevelopment mode is no longer being cached.

Our task is to write a database migration and then to run that migration.

rails g migration create_users

Above command creates a migration. Now we need to run that migration.

rake db:migrate

As you can see first command starts with rails and second command starts withrake.

In order to consolidate them we can either use rails for everything or we canuse rake for everything.

Choosing rails command over rake command

Some favor using rake over rails. But an important feature missing in Rakeis the ability to pass arguments.

rails console development

In order to execute the above command using rake we will have to passconsole and development as arguments. We can pass these values usingenvironment variables. That would mean adding additional code in Rake task tofetch right values and then only we will be able to invoke commandrails console development.

Rails 5 enables executing rake commands with rails

Rails core team decided to haveconsistency by enabling rails command to support everything that rake does.

For example in Rails 5 commands like db:migrate, setup, test etc which arepart of rake command in Rails 4 are now being supported by rails command.However you can still choose to use rake to run those commands similar to howthey were run in Rails 4. This is because Rails community hasintroduced Rake Proxyinstead of completely moving the command options from rake to rails.

What happens internally is that when rails db:migrate command is executed,Rails checks if db:migrate is something that rails natively supports or not.In this case db:migrate is not natively supported by rails, so Railsdelegates the execution to Rake via Rake Proxy.

If you want to see all the commands that is supported by rails in Rails 5 thenyou can get a long list of options by executing rails --help.

Use app namespace for framework tasks in Rails 5

As rails command is now preferred over rake command, few rails namespacedframework tasks started looking little odd.

$ rails rails:update$ rails rails:template$ rails rails:templates:copy$ rails rails:update:configs$ rails rails:update:bin

So, Rails team decided to change the namespace for these tasks from rails toapp.

$ rails app:update$ rails app:template$ rails app:templates:copy$ rails app:update:configs$ rails app:update:bin

Using rails rails:update will now give deprecation warning like:DEPRECATION WARNING: Running update with the rails: namespace is deprecated in favor of app: namespace. Run bin/rails app:update instead.

More improvements in pipeline

In Rails 4, the routes are usually searched like this.

$ rake routes | grep pattern

There is an effort underway tohave a Rails command which might work as shown below.

$ rails routes -g pattern

There is alsoan effort to enable lookup for controllerlike this.

$ rails routes -c some_controller

Nested form can get around CSRF protection offered by Rails 4

A typical form generated in Rails 4 might look like this.

<form method= "post" action="/money_transfer">  <input type="hidden" name="authenticity_token" value="token_value"></form>

Using code-injection, a Hacker can add another form tag above the form taggenerated by Rails using JavaScript. Now the markup looks like this.

<form method="post" action="http://www.fraud.com/fraud">  <form method= "post" action="/money_transfer">    <input type="hidden" name="authenticity_token" value="token_value">  </form></form>

HTML specificationdoes not allow nested forms.

Since nested forms are not allowed browser will accept the top most level form.In this case that happens to be the form created by the hacker. When this formis submitted then "authenticity_token" is also submitted and Rails will do itscheck and will say everything is looking good and thus hacker will be able tohack the site.

Rails 5 fixes the issue by generating a custom token for a form

In Rails 5,CSRF token can be added for each form.Each CSRF token will be valid only for the method/action of the form it wasincluded in.

You can add following line to your controller to add authenticity token specificto method and action in each form tag of the controller.

class UsersController < ApplicationController  self.per_form_csrf_tokens = trueend

Adding that code to each controller feels burdensome. In that case you canenable this behavior for all controllers in the application by adding followingline to an initializer.

# config/application.rbRails.configuration.action_controller.per_form_csrf_tokens = true

This will add authenticity token specific to method and action in each form tagof the application. After adding that token the generated form might look likeas shown below.

<form method= "post" action="/money_transfer">  <input type="hidden" name="authenticity_token" value="money_transfer_post_action_token"></form>

Authenticity token included here will be specific to action money_transfer andmethod post. Attacker can still grab authenticity_token here, but attack willbe limited to money_transfer post action.

But sometimes we want to render our HTML or JSON response outside of thisrequest-response cycle.

For example let's say user is allowed to download PDF version of a report onweb. This can be done using request-response cycle. We also need to send aweekly report to managers and the email should have the report as an attachment.Now we need to generate the same PDF but since emails are sent using backgroundjob the request-response cycle is missing.

Rails 5 has this feature baked in.

Let's say we have a OrdersController and we want to render individual orderoutside of controller.

Fire up rails console and execute following command.

OrdersController.render :show, assigns: { order: Order.last }

This will render app/views/orders/show.html.erb with @order set toOrder.last. Instance variables can be set using assigns in the same way weuse them in controller actions. Those instance variables will be passed to theview that is going to be rendered.

Rendering partials is also possible.

OrdersController.render :_form, locals: { order: Order.last }

This will render app/views/orders/_form.html.erb and will pass order aslocal variable.

Say I want to render all orders, but in JSON format.

OrdersController.render json: Order.all# => "[{"id":1, "name":"The Well-Grounded Rubyist", "author":"David A. Black"},       {"id":2, "name":"Remote: Office not required", "author":"David & Jason"}]

Even rendering simple text is possible.

>> BooksController.render plain: 'this is awesome!'  Rendered text template (0.0ms)# => "this is awesome!"

Similar to text, we can also use render file and render template.

Request environment

A typical web request carries its own environment with it. We usually handlethis environment using request.env in controllers. Certain gems like devisedepends on env hash for information such as warden token.

So when we are rendering outside of controller, we need to make sure that therendering happens with correct environment.

Rails provides a default rack environment for this purpose. The default optionsused can be accessed through renderer.defaults.

>> OrdersController.renderer.defaults=> {:http_host=>"example.org", :https=>false, :method=>"get", :script_name=>"", :input=>""}

Internally, Rails will build a new Rack environment based on these options.

Customizing the environment

We can customize environment using method renderer. Let's say that we need"method as post" and we want "https to be true" for our background jobprocessing.

renderer = ApplicationController.renderer.new(method: 'post', https: true)# => #<ActionController::Renderer:0x007fdf34453f10 @controller=ApplicationController, @defaults={:http_host=>"example.org", :https=>false, :method=>"get", :script_name=>"", :input=>""}, @env={"HTTP_HOST"=>"example.org", "HTTPS"=>"on", "REQUEST_METHOD"=>"POST", "SCRIPT_NAME"=>"", "rack.input"=>""}>

Now that we have our custom renderer we can use it to generate view.

renderer.render template: 'show', locals: { order: Order.last }

Overall this is a nice feature which enables reuse of existing code.

$ bin/rails -hUsage: rails COMMAND [ARGS]The most common rails commands are: generate    Generate new code (short-cut alias: "g") console     Start the Rails console (short-cut alias: "c") server      Start the Rails server (short-cut alias: "s") test        Run tests (short-cut alias: "t")

Before Rails 5, we had to use bin/rake test to run tests. But in Rails 5, wecan use bin/rails test. It is not just replacement of old rake task but it isbacked by a test runner inspired from RSpec, minitest-reporters, maxitest andothers.

Let's see what bin/rails test can do.

Running a single test

Now it is possible to run a single test out of the box using the line number ofthe test.

$ bin/rails test test/models/user_test.rb:27

Rails will intelligently run the test from user_test.rb having line number 27.Note that the line number 27 does not need to be first line of the test. Belowis an example.

22: def test_valid_user23:   hash = { email: 'bob@exmaple.com',24:            first_name: 'John',25:            last_name: 'Smith' }26:27:   user = User.new hash28:29:   assert user.valid?30: end

In the above case, test_valid_user can be run as long as the line numberprovided is between 22 and 30.

Running multiple tests

You can also pass multiple test paths and Rails will run all of those tests.

$ bin/rails test test/models/user_test.rb:27 test/models/post_test.rb:42

It is also possible to run all tests from a directory.

$ bin/rails test test/controllers test/integration

Improved failure messages

When a test fails, Rails displays a command which can be used to just run thefailed test.

$ bin/rails tRun options: --seed 51858# Running:.FFailure:PostsControllerTest#test_should_get_new:Expected response to be a <success>, but was a <302> redirect to <http://test.host/posts>bin/rails test test/controllers/posts_controller_test.rb:15

I can simply copy bin/rails test test/controllers/posts_controller_test.rb:15and rerun the failing test.

Failing fast

By default when a test fails then rails reports about the test failures and thenmoves on to the next test. If you want to stop running the test when a testfails then use option -f.

$ bin/rails t -fRun options: -f --seed 59599# Running:..FFailure:PostsControllerTest#test_should_get_new:Expected response to be a <success>, but was a <302> redirect to <http://test.host/posts>bin/rails test test/controllers/posts_controller_test.rb:15Interrupted. Exiting...Finished in 0.179125s, 16.7481 runs/s, 22.3308 assertions/s.3 runs, 4 assertions, 1 failures, 0 errors, 0 skips

Defer test output until the end of the full test run

By default when a test fails then rails prints F and then details about thefailure like what assertion failed and how to re run the test etc.

If you want to have a clean output of . and F and would like all the testfailures report to come at the every end then use option -d.

$ bin/rails t -dRun options: -d --seed 29906# Running:..F...FFinished in 0.201320s, 34.7704 runs/s, 49.6721 assertions/s.  1) Failure:PostsControllerTest#test_should_create_post [/Users/prathamesh/Projects/fun/rails-5-test-runner-app/test/controllers/posts_controller_test.rb:19]:"Post.count" didn't change by 1.Expected: 3  Actual: 2  2) Failure:PostsControllerTest#test_should_get_new [/Users/prathamesh/Projects/fun/rails-5-test-runner-app/test/controllers/posts_controller_test.rb:15]:Expected response to be a <success>, but was a <302> redirect to <http://test.host/posts>7 runs, 10 assertions, 2 failures, 0 errors, 0 skipsFailed tests:bin/rails test test/controllers/posts_controller_test.rb:19bin/rails test test/controllers/posts_controller_test.rb:15

Better backtrace output

By default when an error is encountered while running the test then the outputdoes not contain full stacktrace. This makes debugging little bit difficult.

Error:PostsControllerTest#test_should_create_post:NameError: undefined local variable or method `boom' for #<PostsController:0x007f86bc62b728>    app/controllers/posts_controller.rb:29:in `create'    test/controllers/posts_controller_test.rb:20:in `block (2 levels) in <class:PostsControllerTest>'    test/controllers/posts_controller_test.rb:19:in `block in <class:PostsControllerTest

Now we can use -b switch, which will display complete backtrace of errormessage.

$ bin/rails t -bError:PostsControllerTest#test_should_create_post:NameError: undefined local variable or method `boom' for #<PostsController:0x007fc53c4eb868>    /rails-5-test-runner-app/app/controllers/posts_controller.rb:29:in `create'    /sources/rails/actionpack/lib/action_controller/metal/basic_implicit_render.rb:4:in `send_action'    /sources/rails/actionpack/lib/abstract_controller/base.rb:183:in `process_action'    /sources/rails/actionpack/lib/action_controller/metal/rendering.rb:30:in `process_action'    /sources/rails/actionpack/lib/abstract_controller/callbacks.rb:20:in `block in process_action'    /sources/rails/activesupport/lib/active_support/callbacks.rb:126:in `call'.....    /sources/rails/activesupport/lib/active_support/testing/assertions.rb:71:in `assert_difference'    /rails-5-test-runner-app/test/controllers/posts_controller_test.rb:19:in `block in <class:PostsControllerTest>'

Leveraging power of Minitest

The test runner also leverages power of minitest by providing some handyoptions.

Switch -s to provide your own seed

Now we can also provide our own seed using -s switch.

$ bin/rails t --s 42000

Switch -n to run matching tests

Switch -n will run tests matching the given string or regular expressionpattern.

$ bin/rails t -n "/create/"Run options: -n /create/ --seed 24558# Running:EError:PostsControllerTest#test_should_create_post:NameError: undefined local variable or method `boom' for #<PostsController:0x007faa39c2df90>    app/controllers/posts_controller.rb:29:in `create'    test/controllers/posts_controller_test.rb:20:in `block (2 levels) in <class:PostsControllerTest>'    test/controllers/posts_controller_test.rb:19:in `block in <class:PostsControllerTest>'bin/rails test test/controllers/posts_controller_test.rb:18Finished in 0.073857s, 13.5396 runs/s, 0.0000 assertions/s.1 runs, 0 assertions, 0 failures, 1 errors, 0 skips

Verbose output

It is also possible to see the verbose output using -v switch. It shows timerequired to run each test. This would help in detecting slow running tests.

$ bin/rails t -vRun options: -v --seed 30118# Running:PostsControllerTest#test_should_destroy_post = 0.07 s = .PostsControllerTest#test_should_update_post = 0.01 s = .PostsControllerTest#test_should_show_post = 0.10 s = .PostsControllerTest#test_should_create_post = 0.00 s = FFailure:PostsControllerTest#test_should_create_post:"Post.count" didn't change by 1.Expected: 3  Actual: 2bin/rails test test/controllers/posts_controller_test.rb:19PostsControllerTest#test_should_get_new = 0.02 s = .PostsControllerTest#test_should_get_index = 0.01 s = .PostsControllerTest#test_should_get_edit = 0.00 s = .Finished in 0.210071s, 33.3220 runs/s, 47.6028 assertions/s.7 runs, 10 assertions, 1 failures, 0 errors, 0 skips

Colored output

Now by default we will get colored output. No need to add additional gem tocolored output.

With all these awesome features, testing Rails 5 apps has definitely become abetter experience. Rails has shipped all these features within the frameworkitself so you don't have to use multiple gems and libraries to achieve all ofthese things.

Up to Rails 4.2, all models inherited from ActiveRecord::Base. But startingfrom Rails 5, all models will inherit from ApplicationRecord.

class Post < ApplicationRecordend

What happened to ActiveRecord::Base ?

Well not much changed in reality. Following file will be automatically added tomodels in Rails 5 applications.

# app/models/application_record.rbclass ApplicationRecord < ActiveRecord::Base  self.abstract_class = trueend

This behavior is similar to how controllers inherit from ApplicationControllerinstead of inheriting from ActionController::Base.

Now ApplicationRecord will be a single point of entry for all thecustomizations and extensions needed for an application, instead of monkeypatching ActiveRecord::Base.

Say I want to add some extra functionality to Active Record. This is what Iwould do in Rails 4.2.

module MyAwesomeFeature  def do_something_great    puts "Doing something complex stuff!!"  endendActiveRecord::Base.include(MyAwesomeFeature)

But now, ActiveRecord::Base forever includes MyAwesomeFeature and any classinheriting from it also includes MyAwesomeFeature even if they don't want it.

This is especially true if you are using plugins and engines where monkeypatching to ActiveRecord::Base can leak into engine or plugin code.

But with ApplicationRecord, they will be localized to only those models whichare inheriting from ApplicationRecord, effectively only to your application.

class ApplicationRecord < ActiveRecord::Base  include MyAwesomeFeature  self.abstract_class = trueend

Migrating from Rails 4

By default all new Rails 5 applications will have application_record.rb. Ifyou are migrating from Rails 4, then simply createapp/models/application_record.rb as shown below and change all models toinherit from ApplicationRecord instead of ActiveRecord::Base.

# app/models/application_record.rbclass ApplicationRecord < ActiveRecord::Base  self.abstract_class = trueend

Now let's say that I want to set a custom response header. That's easy. All Ineed to do is add following line of code in the controller.

response.headers['X-Tracking-ID'] = '123456'

Now I see this custom response header.

Setting custom response header for assets

Let's say that I need that custom response header not only for standard webrequests but also for my assets. For example application.js file is served byRails in localhost. How would I set custom header to the asset being served byRails here.

Actually that's not possible in Rails 4. In Rails 4 we can set only one responseheader for assets that are served by Rails and that response header isCache-Control.

Here is how I can configure Cache-Control for assets.

# open config/environments/production.rb and add following lineconfig.static_cache_control = 'public, max-age=1000'

Now we have modified 'Cache-Control` header for the assets.

Besides Cache-Control no other response header can be set for assets served byRails. That's a limitation.

How Rails Apps lived with this limitation so far

Rails is not the best server to serve static assets. Apace and NGINX are muchbetter at this job. Hence ,in reality, in production almost everyone puts eitherApache or NGINX in front of a Rails server and in this way Rails does not haveto serve static files.

Having said that, Rails applications hosted at Heroku is an exception. Assetsfor Rails applications running at Heroku are served by Rails application itself.

Problem we ran into

Our website is hosted at heroku. When we ranGoogle page speed insightsfor our website we were warned that we were not using Expires header for theassets.

Here are how the header looked for application.js.

Now you see the problem we are running into.

• Our application is hosted at Heroku.
• Heroku lets Rails serve the assets.
• Google page speed insights wants us to set Expires header to the assets.
• Rails application allows only one header for the assets and that is'Cache-Control`.

One easy solution is to host our website atDigital Ocean and then use Apache or NGINX.

Rails 5 saves the day

Recently Railsmerged basic support for access control headersand added ability to define custom HTTP Headers on assets served by Rails.

Behind the scenes, Rails uses ActionDispatch::Static middleware to take careof serving assets. For example, a request to fetch an image, goes throughActionDispatch::Static in the request cycle. ActionDispatch::Static takescare of serving Rack::File object from server with appropriate headers set inthe response. The served image can have headers like Content-Type,Cache-Control.

Start using Rails master

To fix this, we first pointed the App to use Rails master.

gem 'rails', github: 'rails/rails'gem 'rack', github: 'rack/rack' # Rails depends on Rack 2gem 'arel', github: 'rails/arel' # Rails master works alongside of arel master.

Next, we changed asset configuration to start providing and using missing headerfor Expires.

# production.rbconfig.public_file_server.headers = {  'Cache-Control' => 'public, s-maxage=31536000, max-age=15552000',  'Expires' => "#{1.year.from_now.to_formatted_s(:rfc822)}"}

Here, we are first setting the Cache-Control header to use public(intermediate) caching, for a year (31536000 seconds) with max-age ands-maxage. Here s-maxage stands for Surrogate cache, which is used to cacheinternally by Fastly.

We then provide the missing Expires value with some future date in Internetformatted time value.

With this setup, we can see PageSpeed pickups the new headers on assets and doesnot warn us for the missing header.

Here is the changed response header for asset.

Further Reading

For better use and more details about different headers to use for the assets,please refer toRFC 2616.