Hi, this blog is no longer maintained, my new blog is here

Ruby On Rails and a Conning Israeli entrepreneur

Rails Plugin: Dynamic Session Expiry

With session_lifetime you can set after how much time of inactivity your session should expire, you can execute an action when the session expires, and you can set where to redirect_to after session expiry.
Example


class ApplicationController < ActionController::Base
  expires_session :time => 2.hours, :redirect_to => '/login'

  protected

  # Called when the session expires, before the redirect.
  def on_expiry
    flash[:notice] = "Your session has been expired, and you have been logged out."
  end
end


Get it from

git://github.com/DefV/session_lifetime.git

Rails Plugin: import_svn

This plugin imports a rails project into subversion (excluding tmp files, logs and more) and converts the current directory to a working copy of that project.

SvnImport goes a little bit further than just adding everything; it ignores resources such as logs, tmp files and database.yml and environment.rb.

For the database.yml and environment.rb files, SvnImport creates template files, and provides a task for copying them back after checkout. This allows each developer to have their own database settings and/or keep the password for the production database out of version control.

Installation




script/plugin install https://svn.cjohansen.no/rails/plugins/svn_import/trunk


Usage




rake svn:import


This task will only run successfully once, before the application has been added to subversion. Once it's been added, the task will no longer do anything. When a new developer checks out the project, she can get the standard setup by doing:


rake svn:setup


Source

Percentage proxy for Ruby's Numeric class

Just a little something I did, because it usually takes me about 15 minutes to calculate a percentage conversion.
Is anyone else checking/calculating dates in irb/console?
"Elad, in 2 weeks you have a dentist appointment!"
"mmm.... "


script/runner 'puts 2.weeks.from_now'


Hehe,
but the method today's post is about is the percent_from I did, so here it is.


class Numeric
  def precent_from(num = 100)
    self.to_f * (num.to_f / 100.0)
  end
end


which comes out as:


>> 40.precent_from(1000)
=> 400.0
>> 6.precent_from(1000)
=> 60.0

remote_form_for with no-ajax support


<% form_remote_tag :url => {:controller => '/posts', :action => 'view'},
  :html => {:action => {:controller => '/posts', :action => 'view', :id => @id}} do %>
  <%= submit_tag 'View' -%>
<% end %>


<form action="/posts/view/1" method="post"
  onsubmit="new Ajax.Request('/posts/view/1',
  {asynchronous:true, evalScripts:true, parameters:Form.serialize(this)}); return false;">
  <input type="submit" value="View" />
</form>

Tip: Finding all Unread messages in your gmail inbox

I have about 3000+ mails and I get something like 20-40 relevant messages a day; I am usually very organized and I sort the incoming messages once an hour.
Now I had about unread messages that I missed in my inbox and wanted to find them; after a short quest I found this:

In the top search box, enter

label:unread in:inbox

and yaaa, all unread messages are found. You can drop the in:inbox and get your entire list of unread messages, including other labels.

String boolean: MethodMissing fun!

Check out this one, this is why I love Rails.


elad = "smart"
elad.smart? # => true


using method_missing on the String object


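class String
  # Treat any unknown "word?" call as a comparison with the string's value.
  # ends_with? comes from ActiveSupport, so this runs inside Rails.
  def method_missing(method_name, *arguments)
    if method_name.to_s.ends_with?("?")
      self == method_name.to_s[0..-2]
    else
      super
    end
  end
end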

Simple install Git on Leopard


mkdir -p ~/Downloads/src
cd ~/Downloads/src

# Set options since we don't have GNU gettext installed
export TCL_PATH=`which tclsh`
export NO_MSGFMT=1
export GIT_VERSION='1.6.0.2'

# Get and install git
curl -O "http://kernel.org/pub/software/scm/git/git-$GIT_VERSION.tar.bz2"
tar xjvf "git-$GIT_VERSION.tar.bz2"
cd "git-$GIT_VERSION/"

# When on Mac OS X
./configure
make
sudo make install

cd ..

# Install Man Pages
curl -O "http://kernel.org/pub/software/scm/git/git-manpages-$GIT_VERSION.tar.bz2"
sudo tar xjv -C /usr/local/share/man -f "git-manpages-$GIT_VERSION.tar.bz2"

Update: Rails 2.1 globalize plugin - Fix

I have been using globalize since forever; I always preferred it over gettext or whatever tailor-made i18n solution is out there.
It seems that there is a problem with the action method of date_select, or, to be more specific, the month_select helper produces a "wrong number of arguments" exception... I dropped the usage of the globalize plugin for the meantime... But I am really looking forward to a real solution... Anyone?

Update
I found a post about a Rails 2.1 compliant Globalize plugin release. It is currently working for me with no special problems.

Installation:


script/plugin install git://github.com/heythisisnate/globalize.git

updated: Brand new Rails security for 2.1

update: link target changed.

Uhh, I know a guy that makes a whole bunch of money just by pointing out security holes in web applications.
Most people don't even realize how much work is needed just to bring an application to a minimal level of security; there are so many ways in which evil hackers (or just playful kids) can disfigure your site, steal information or damage your site's data integrity, and eventually send your application into DoS oblivion.
Rails is no different: there are many traps to hop over, and many standards and code implementation techniques to use. Lucky for us, our guys at the Rails HackFest are working hard on updating the Rails documentation and manuals in order to make our life easier once more.

I would generally recommend reading ALL you can find in the Rails 2.1 Manuals page, with a great focus on the Rails Security Manual.

What is with Mac users?

Great post, as a mac-men, I appreciate every word.

http://howgoodisthat.wordpress.com/2008/10/24/what-is-it-with-mac-users/

Ruby on Rails 2.2 Release Notes

Rails 2.2 delivers a number of new and improved features. This list
covers the major upgrades, but doesn't include every little bug fix
and change. If you want to see everything, check out the list of
commits in the main Rails repository on GitHub.

Along with Rails, 2.2 marks the launch of the Ruby on Rails Guides,
the first results of the ongoing Rails Guides hackfest. This site will
deliver high-quality documentation of the major features of Rails.

http://guides.rubyonrails.org/2_2_release_notes.html

Lightning Fast Ruby On Rails security checklist

Ruby on Rails Security checklist for models:

  1. Use attr_accessible (or attr_protected if you must) to explicitly identify attributes that are accessible by .create and .update_attributes. Just because you don't expose an attribute on an edit form doesn't mean that someone won't try to post a value to it. I prefer attr_accessible over attr_protected as it fails on the side of safety when new fields are added to a model - you have to explicitly expose new fields.
  2. Make sure queries use the Rails bind variable facility for parameters, not string concatenation or Ruby's handy #{...} interpolation syntax.
  3. Use validations to prevent bad input.
Ruby on Rails Security checklist for controllers:
  1. Make non-action controller methods private (if possible).
  2. If non-action controller methods must be public, identify them with hide_action to prevent unwanted execution.
  3. Make sure before_filters are in place if necessary for your authorization infrastructure.
  4. Move queries from your controller to your model, and see the model checklist above.
  5. Check for params[:id] usage - are you sure you can trust it? Check for proper ownership of the record.
  6. Check for usage of hidden fields - a user can send anything to you through them, so treat them with suspicion, just as params[:id] should be suspect.
  7. Use filter_parameter_logging to prevent entry of sensitive unencrypted data (passwords, SSN's, credit card numbers, etc.) in your server logs.
  8. Forget about your view code for a minute, and think about how to protect your controller from posts a malicious user could make to any of your exposed methods. All parameters (whether or not exposed on a form, and whether or not invisible) are subject to length overruns, bypassing of any browser-based validation, attacks with malformed data, etc.
Ruby on Rails Security checklist for views:
  1. Make sure all data displayed is escaped with the helper method h(string).
  2. Eliminate comments in your views that you don't wish the entire world to see.
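
An added example, not part of the original post and not Rails code: a plain-Ruby model of three checklist items (the attr_accessible whitelist, the ownership check on params[:id], and h() escaping in views). The Account class, its methods, the ACCESSIBLE list and the POSTED parameters are hypothetical stand-ins constructed for illustration; only ERB::Util.html_escape is a real library call.

```ruby
require 'erb'

# Hypothetical stand-in for an ActiveRecord model (not Rails code).
class Account
  RECORDS = {}                 # constructed in-memory "table"
  ACCESSIBLE = [:name].freeze  # plays the role of attr_accessible :name
  attr_reader :id, :owner_id, :name, :admin

  def initialize(id, owner_id, name)
    @id, @owner_id, @name, @admin = id, owner_id, name, false
    RECORDS[id] = self
  end

  # No whitelist: every posted key is applied, form field or not.
  def unsafe_update(params)
    params.each { |key, value| instance_variable_set("@#{key}", value) }
    self
  end

  # Whitelist: keys not listed in ACCESSIBLE are dropped, so a column
  # added later stays protected until it is exposed explicitly.
  def safe_update(params)
    params.each do |key, value|
      instance_variable_set("@#{key}", value) if ACCESSIBLE.include?(key.to_sym)
    end
    self
  end

  # Ownership-scoped lookup: the id from the request never selects a
  # record by itself; it must also belong to the current user.
  def self.find_owned(id, current_user_id)
    record = RECORDS[id.to_i]
    record if record && record.owner_id == current_user_id
  end
end

# View-side escaping; h(string) is ERB::Util's alias for html_escape.
def render_name(account)
  "<p>#{ERB::Util.html_escape(account.name)}</p>"
end

# Constructed request parameters: "admin" was never on the edit form.
POSTED = { 'name' => '<script>x</script>', 'admin' => true }.freeze
```

The stored name keeps its raw markup in both update paths; it is the escaping at render time that neutralises it, which is why the view checklist asks for h() on all displayed data.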

Google Analytics: Tracking AJAX and Flash

Google Analytics has a new feature that Ajax & Flash developers will find extremely useful. According to the new article, it is now possible to track page views in Ajax & Flash applications. And it is simple.


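var http_request;

// The opening of this function was cut off in the original post;
// the name makeRequest is assumed here.
function makeRequest(url) {
    http_request = new XMLHttpRequest();
    http_request.onreadystatechange = sendAlert;
    http_request.open('GET', url, true);
    http_request.send(null);
}

function sendAlert() {
    if (http_request.readyState == 4) {
        if (http_request.status == 200) {
            alert(http_request.responseText);
            // Record the AJAX response as a virtual page view.
            pageTracker._trackPageview("/pagefilename1");
        } else {
            alert('Error.');
        }
    }
}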

An important usage tip: the Google Analytics code is normally installed just before the closing </body> tag, and _trackPageview can only be called after the Analytics code has been included. Installing the Analytics code just after the opening <body> tag is therefore a guaranteed solution.

Tip: 21 Ruby tricks you must use

From RubyInside at 21 Ruby tricks you must know

ERROR: While executing gem … (ArgumentError)

After a recent upgrade to a newer Rails version, the gem package manager seems to be broken. Every time you try to use gem install gem_name, you get the following error:

ERROR:  While executing gem ... (Gem::GemNotFoundException)

Deleting the cached files as suggested in other posts results in the error:

ERROR:  While executing gem ... (ArgumentError)

Solution
As suggested, you need to do:

gem install rubygems-update
update_rubygems

which should update RubyGems to the latest version, i.e. 1.3.0


    About Me

    I am a web developer for more than 9 years, managed, cried, coded, designed and made money in this industry. now trying to do it again.
