Category Archives: Ruby

Using soap4r with .NET web services authenticated with WSSE

Recently I had to consume a .NET web service that uses WSSE based authentication. Thanks to the intarweb, I was able to get started with soap4r and insert WSSE authentication headers into my SOAP requests.The samples available on the tracker are also quite comprehensive, other than being light on explanation.

I did encounter an error when using the automatically generated client application:

ruby WSDLService_PortClient.rb
./defaultMappingRegistry.rb:5: uninitialized constant SOAP::Mapping::EncodedRegistry (NameError) from ./defaultDriver.rb:2:in `require'
from ./defaultDriver.rb:2
from ./WSDLService_PortClient.rb:2:in `require'
from ./WSDLService_PortClient
.rb:2

It appears that the soap library provided with Ruby 1.8.6 is being used instead of the soap4r gem. The version bundled with Ruby doesn’t have some classes referenced by the generated stubs (from wsdl2ruby) as well as a bunch of other functionality.

The solution is simple (after knowing what’s wrong of course): explicitly reference the gem so that Ruby knows which one to use.

require 'rubygems'
gem 'soap4r'

Just insert this snippet before the code that references the missing classes and you’re good to go.

Advertisements

Specifying raising of errors in RSpec

RSpec allows a developer to specify that an error is raised within a block with the raise_error method. It’s a nice expressive way of saying that your code should fail when it needs to.

But my tiny brain has often been confused with using it at times, more so when the error class requires parameters for instantiation and when used in conjunction with the and_raise method on a stub or a mock

Consider the snippet below where my Widget depends on Thingamajig to do its funky thing in order to run. But Thingamajig is rigged to explode in a mass of funkyness and make Widget all useless.

describe Widget do
it "should re-raise errors as a Widget::UnrecoverableError" do
# expectations
thingamajig = stub(Thingamajig)
thingamajig.should_receive(:do_funky_thing).and_raise(Thingamajig::FunkyExplosion.new('The funky thang exploded yo'))

# our SUT
widget = Widget.new(thingamajig)

#verification
lambda { widget.run }.should raise_error(Widget::UnrecoverableError, 'The funky thang exploded yo')
end
end

Do you notice the inconsistency between the way errors are declared in the expectation and the actual verification?

# expectations
thingamajig.should_receive(:do_funky_thing).and_raise(Thingamajig::FunkyThingExplosion.new('The funky thang exploded yo'))

#verification
lambda { widget.run }.should raise_error(Widget::UnrecoverableError, 'The funky thang exploded yo')

The expectation on the stub, ‘thingmajig’ needs the exception instantiated first while verification requires the class name and parameters used to instantiate the error instance.

And no, doing it like this doesn’t work as expected:

lambda { widget.run }.should raise_error(Widget::UnrecoverableError.new('The funky thang exploded yo'))

It’s an unfortunate impedance mismatch that might be caused due to the way Ruby handles the raising of errors.

Using cruisecontrol.rb with repositories without anonymous access

I decided to use cruisecontrol.rb for continuous integration of an application that I’m working on at Bezurk. So I downloaded the 1.2.1 release from RubyForge and proceeded to add the project repository to the local installation of cruisecontrol.rb.

douglas@macbookpro:~$ ./cruise add MyProject --url http://path.to/repository --username 'douglas' --password 'guessable'
douglas@macbookpro:~$ ./cruise build MyProject
Builder for project 'MyProject' started
Logging to: /Users/douglas/Development/Ruby/cruisecontrolrb-1.2.1/log/MyProject_builder.log
Build loop failed
BuilderError: svn: PROPFIND request failed on '/svn/my_project/trunk'
./script/../config/../app/models/subversion.rb:98:in `execute_in_local_copy'
./script/../config/../lib/command_line.rb:86:in `call'
./script/../config/../lib/command_line.rb:86:in `e'
./script/../config/../lib/command_line.rb:84:in `popen'
./script/../config/../lib/command_line.rb:84:in `e'
./script/../config/../lib/command_line.rb:71:in `execute'
./script/../config/../lib/command_line.rb:70:in `chdir'
./script/../config/../lib/command_line.rb:70:in `execute'
./script/../config/../app/models/subversion.rb:89:in `execute_in_local_copy'
./script/../config/../app/models/subversion.rb:85:in `chdir'
./script/../config/../app/models/subversion.rb:85:in `execute_in_local_copy'
./script/../config/../app/models/subversion.rb:44:in `latest_revision'
./script/../config/../app/models/project.rb:228:in `new_revisions'
./script/../config/../app/models/change_in_source_control_trigger.rb:8:in `revisions_to_build'
./script/../config/../vendor/rails/actionpack/lib/../../activesupport/lib/active_support/core_ext/symbol.rb:10:in `__send__'
./script/../config/../vendor/rails/actionpack/lib/../../activesupport/lib/active_support/core_ext/symbol.rb:10:in `to_proc'
./script/../config/../app/models/project.rb:223:in `collect'
./script/../config/../app/models/project.rb:223:in `revisions_to_build'
./script/../config/../app/models/project.rb:202:in `build_if_necessary'
./script/../config/../app/models/polling_scheduler.rb:13:in `run'
./script/builder:79
./script/builder:78:in `catch'
./script/builder:78
./cruise:14:in `load'
./cruise:14:in `builder'
./cruise:68:in `send'
./cruise:68
/opt/local/lib/ruby/1.8/fileutils.rb:121:in `chdir'
/opt/local/lib/ruby/1.8/fileutils.rb:121:in `cd'
./cruise:67

Hmm, what’s with the svn: PROPFIND error? Looking at the stracktrace doesn’t tell me alot about what’s going wrong here, let’s try logging errors to the console.

--SNIP--
douglas$ svn --non-interactive info --xml
douglas$ svn --non-interactive log --revision HEAD:20 --verbose --xml
svn: PROPFIND request failed on '/repository/trunk'
svn: PROPFIND of '/repository/trunk': authorization failed (http://svnhost.com)
--SNIP--

It happens that my repository does not have anonymous access and requires a subversion user account to do anything useful. So it should be obvious that cruisecontrol.rb is trying to get log info from the repository but subversion is quitting with authentication errors because no user credentials are being supplied.

I need to have cruisecontrol.rb make use of the –username and –password options when making queries to the repository when I give it the credentials for access.

My first stop is the app/models/subversion.rb. Only the checkout method uses the username and password instance variables. Subversion should only include the –username and –password options when executing svn commands when both the username and password instance variables are present.

[ruby]
test/unit/subversion_test.rb

def test_svn_command_uses_user_password_when_provided
	svn = Subversion.new(:username => 'jer', :password => "crap")

	svn.expects(:info).with(dummy_project).returns(Subversion::Info.new(10, 10))
	svn.expects(:execute).with(["svn", "--non-interactive", "log", "--revision", "HEAD:10", "--verbose", "--xml",
								"--username", "jer", "--password", "crap"],
								{:stderr => './svn.err'}).yields(StringIO.new(LOG_ENTRY))

	svn.latest_revision(dummy_project)
end

app/models/subversion.rb

def checkout(target_directory, revision = nil, stdout = $stdout)
	@url or raise 'URL not specified'

	options = [@url, target_directory]
	options < < "--revision" << revision_number(revision) if revision

	# need to read from command output, because otherwise tests break
	execute(svn('co', options)) do |io|
	begin
		while line = io.gets
			stdout.puts line
		end
		rescue EOFError
		end
	end
end

def svn(operation, *options)
	command = ["svn"]
	command << "--non-interactive" unless @interactive
	command << operation
	command += options.compact.flatten
	command += ['--username', @username, '--password', @password] if @username and @password
	command
end
[/ruby]

The username and password would then be injected into the project’s Subversion instance in the cruise_config.rb file for each project.

[ruby]
Project.configure do |project|
    project.source_control.username = 'douglas'
    project.source_control.password = 'guessable'
end
[/ruby]

I’ve submitted a ticket along with a patch for this on cruisecontrol.rb’s tracker. Keep a lookout for it if you happen to encounter the same problem.

Serializing custom Ruby classes with YAML

I needed to be able to save an array of POROs (plain old Ruby objects) to the database on a Rails project that I’m currently working on. That should be easy, right?

This ought to do the job, yes?:
class MyModel < ActiveRecord::Base
serialize attribute_name
end

However, this didn’t quite work as advertised, the objects being returned were typed as YAML::Object instead of the actual class being serialized. Turns out that YAML is unable to find the reference to the actual class and so its falling back to using YAML::Object as the generic class type for deserialised objects. The answer to this: Rails ticket #7537.

Take a look at the YAML documentation for all the gory details.

Raising URI::InvalidURIError from a perfectly valid URI

I was puzzled by URI::parse raising an URI::InvalidURIError on a perfectly well formed URI recently.

[ruby]
URI::InvalidURIError: bad URI(is not URI?): http://practicalguile.com/articles?query=latest
from /opt/local/lib/ruby/1.8/uri/common.rb:436:in `split’
from /opt/local/lib/ruby/1.8/uri/common.rb:485:in `parse’
from (irb):2
from :0
[/ruby]

What’s not apparent in this exception message is that the url contained a trailing space and this was causing URI.parse to fail. The following specifications demonstrate how it can trigger this particular exception.

uri.spec.rb
[ruby]
require ‘rubygems’
require ‘spec’
require ‘uri’

describe URI do
it “should raise an InvalidURIException with leading whitespace in url” do
lambda{ URI.parse(‘ http://www.ruby-lang.org&#8217;) }.should raise_error(URI::InvalidURIError)
end

it “should raise an InvalidURIException with trailing whitespace in url” do
lambda{ URI.parse(‘http://www.ruby-lang.org ‘) }.should raise_error(URI::InvalidURIError)
end
end
[/ruby]

Running the spec will get you the result below.

ruby uri.spec.rb

..Finished in 0.030051 seconds

2 examples, 0 failures

Looking at the stacktrace in the exception, it’s being raised by URI.split after URI.parse is invoked with the offending URL.

RUBY_INSTALL/1.8/uri/common.rb

[ruby]
def self.parse(uri)
scheme, userinfo, host, port,
registry, path, opaque, query, fragment = self.split(uri)

if scheme && @@schemes.include?(scheme.upcase)
@@schemes[scheme.upcase].new(scheme, userinfo, host, port,
registry, path, opaque, query,
fragment)
else
Generic.new(scheme, userinfo, host, port,
registry, path, opaque, query,
fragment)
end
end
[/ruby]

Nothing weird happening in URI.parse, its a straightforward call to URI.split. So I’ll go into URI.split, comments removed for brevity.

[ruby]
def self.split(uri)
case uri
when ”
when ABS_URI
scheme, opaque, userinfo, host, port,
registry, path, query, fragment = $~[1..-1]

if !scheme
raise InvalidURIError,
“bad URI(absolute but no scheme): #{uri}”
end
if !opaque && (!path && (!host && !registry))
raise InvalidURIError,
“bad URI(absolute but no path): #{uri}”
end
when REL_URI
scheme = nil
opaque = nil

userinfo, host, port, registry,
rel_segment, abs_path, query, fragment = $~[1..-1]
if rel_segment && abs_path
path = rel_segment + abs_path
elsif rel_segment
path = rel_segment
elsif abs_path
path = abs_path
end
else
raise InvalidURIError, “bad URI(is not URI?): #{uri}”
end

path = ” if !path && !opaque # (see RFC2396 Section 5.2)
ret = [
scheme,
userinfo, host, port, # X
registry, # X
path, # Y
opaque, # Y
query,
fragment
]
return ret
end
[/ruby]

URI.split is matching the incoming url with an empty string as well as regular expressions for absolute and relative URIs. It’s obvious from the specifications earlier that urls with leading/trailing whitespace do not match any of these and the case statement raises InvalidURIError, with the rather misleading message.

The regexes used for matching absolute and relative URIs is shown below, if you really want to know.
[ruby]
require ‘uri’
include URI::REGEXP

ABS_URI
/^
([a-zA-Z][-+.a-zA-Zd]*): (?# 1: scheme)
(?:
((?:[-_.!~*'()a-zA-Zd;?:@&=+$,]|%[a-fA-Fd]{2})(?:[-_.!~*'()a-zA-Zd;/?:@&=+$,[]]|%[a-fA-Fd]{2})*) (?# 2: opaque)
|
(?:(?:
//(?:
(?:(?:((?:[-_.!~*'()a-zA-Zd;:&=+$,]|%[a-fA-Fd]{2})*)@)? (?# 3: userinfo)
(?:((?:(?:(?:[a-zA-Zd](?:[-a-zA-Zd]*[a-zA-Zd])?).)*(?:[a-zA-Z](?:[-a-zA-Zd]*[a-zA-Zd])?).?|d{1,3}.d{1,3}.d{1,3}.d{1,3}|[(?:(?:[a-fA-Fd]{1,4}:)*(?:[a-fA-Fd]{1,4}|d{1,3}.d{1,3}.d{1,3}.d{1,3})|(?:(?:[a-fA-Fd]{1,4}:)*[a-fA-Fd]{1,4})?::(?:(?:[a-fA-Fd]{1,4}:)*(?:[a-fA-Fd]{1,4}|d{1,3}.d{1,3}.d{1,3}.d{1,3}))?)]))(?::(d*))?))?(?# 4: host, 5: port) |
((?:[-_.!~*'()a-zA-Zd$,;+@&=+]|%[a-fA-Fd]{2})+) (?# 6: registry)
)
|
(?!//)) (?# XXX: ‘//’ is the mark for hostport)
(/(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*(?:;(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*)*(?:/(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*(?:;(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*)*)*)? (?# 7: path)
)(?:?((?:[-_.!~*'()a-zA-Zd;/?:@&=+$,[]]|%[a-fA-Fd]{2})*))? (?# 8: query)
)
(?:#((?:[-_.!~*'()a-zA-Zd;/?:@&=+$,[]]|%[a-fA-Fd]{2})*))? (?# 9: fragment)
$/xn

REL_URI
/^
(?:
(?:
//
(?:
(?:((?:[-_.!~*'()a-zA-Zd;:&=+$,]|%[a-fA-Fd]{2})*)@)? (?# 1: userinfo)
((?:(?:(?:[a-zA-Zd](?:[-a-zA-Zd]*[a-zA-Zd])?).)*(?:[a-zA-Z](?:[-a-zA-Zd]*[a-zA-Zd])?).?|d{1,3}.d{1,3}.d{1,3}.d{1,3}|[(?:(?:[a-fA-Fd]{1,4}:)*(?:[a-fA-Fd]{1,4}|d{1,3}.d{1,3}.d{1,3}.d{1,3})|(?:(?:[a-fA-Fd]{1,4}:)*[a-fA-Fd]{1,4})?::(?:(?:[a-fA-Fd]{1,4}:)*(?:[a-fA-Fd]{1,4}|d{1,3}.d{1,3}.d{1,3}.d{1,3}))?)]))?(?::(d*))? (?# 2: host, 3: port)
|
((?:[-_.!~*'()a-zA-Zd$,;+@&=+]|%[a-fA-Fd]{2})+) (?# 4: registry)
)
)
|
((?:[-_.!~*'()a-zA-Zd;@&=+$,]|%[a-fA-Fd]{2})+) (?# 5: rel_segment)
)?
(/(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*(?:;(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*)*(?:/(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*(?:;(?:[-_.!~*'()a-zA-Zd:@&=+$,]|%[a-fA-Fd]{2})*)*)*)? (?# 6: abs_path)
(?:?((?:[-_.!~*'()a-zA-Zd;/?:@&=+$,[]]|%[a-fA-Fd]{2})*))? (?# 7: query)
(?:#((?:[-_.!~*'()a-zA-Zd;/?:@&=+$,[]]|%[a-fA-Fd]{2})*))? (?# 8: fragment)
$/xn
[/ruby]

Looks rather intimidating, doesn’t it? However, we’re more interested in the beginning and end of the regular expressions so its safe to ignore all the stuff in between. Narrowing our focus down to the regex anchors (^ and $), we can see that there is no matching of whitespace, thus preventing a valid URI from being matched in URI.split.

This all means that URI.split has a undocumented pre-condition on the uri parameter being stripped of any whitespace around it.

Using Factories for Rails Fixtures and Test Doubles

Chris Wanstrath has written about making Rails fixtures less painful than they need to be with the FixtureScenarios plugin. Personally, I prefer the Factory approach, nicely explained by Daniel Manges.

I’ve been using factory methods to create in-database ActiveRecord objects for a project that I’ve been working on in Bezurk. Reading Daniel’s article gave me a few ideas on improving the way I create fixtures and mocks. Since I’ve been using RSpec extensively in this project, I’ll present the examples in RSpec.

As the models evolve with the design and its behaviour change accordingly, there is a need to go through all the specifications that create this model and make sure that its created in a valid state. This is more pronounced with the use of test doubles, the test doubles also need to have its method stubs changed to reflect the latest state of the model that its is representing. I happen to make much use of test doubles for test isolation, so trying to manage all these objects became an exercise in patience. As it was getting painful, It’s time to change the way I create these models and test doubles.

As always, a layer of indirection will always go some way to solving a software problem. We introduce a Factory that encapsulates the creation of ActiveRecord objects by providing creation methods.

[ruby]
module FixtureFactory
def create_user(attributes = {})
User.create!(ModelAttributes.user(attributes))
end
end
[/ruby]
We’ll have a Factory for test doubles too.

[ruby]
module MockFactory
def mock_user(method_stubs = {})
mock_model(User, ModelAttributes.user(method_stubs))
end
end
[/ruby]
And the attributes for this model will be declared in a module that’s used by both Factories

[ruby]
module ModelAttributes
def self.user(attributes)
attributes.reverse_merge({:name => ‘doug’})
end
end
[/ruby]

The Factory modules are then included in Spec::Runnner

[ruby]
Spec::Runner.configure do |config|
include FixtureFactory
include MockFactory
end
[/ruby]

The objects can now be created using the factory methods available to all specifications.

[ruby]
doug = create_user
doppelganger = mock_user
[/ruby]

Update
Added links to Chris Wanstrath and Daniel Manges’ articles on managing Rails fixtures.

RSpec your functional tests

The release of RSpec 0.9.4 can be considered a landmark release of sorts. With the inclusion of Spec::Ui 0.2.0, RSpec can now perform functional testing of web applications within a browser. Out of the box support is limited to Watir/Internet Explorer for now as the Selenium RC custom matchers are not implemented yet. includes WATIR/Windows and Watirsafari/OSX. The custom matchers for Selenium RC are not implemented yet but its certainly possible to use Selenium with Spec::Ui, it just won’t read as nicely compared to WATIR. Spec::Ui also comes with a custom result formatter that packages a screenshot of the browser on spec failure, along with its HTML source in the report.

To use Watirsafari in your functional specs, you’ll need to install the gem for it: gem install watirsafari

spec_helper.rb should be updated to include the snippet below (code lifted from the original release announcement):

[ruby]
Spec::Runner.configure do |config|
config.include Spec::Matchers::Watir
end
[/ruby]

The specification will need before and after blocks like this:
[ruby]
before(:all) do
@browser = Watir::Browser.new
end

after(:each) do
# This is needed to make screenshots work
Spec::Ui::ScreenshotFormatter.browser = @browser
end

after(:all) do
@browser.kill! rescue nil
end
[/ruby]

There are a lot more useful information available in the examples supplied with Spec::Ui. Take a look at the samples to get up and running.

Update
My thanks to Aslak Hellesoy for correcting me on support for WATIR and Selenium.

Have full disclosure for code vulnerabilities

The Rails core team released 1.1.6 of the framework today, a day after 1.1.5 was released. This was to fix a serious vulnerability in the Routes module. The core team has been extremely prompt in publicising the hole and in releasing fixes.

However(you know there had to be one), I take issue with how the first fix release (1.1.5) was handled. It appears that this release did not fully rectify the problem, hence the need for 1.1.6. While DHH revealed the reasons for 1.1.5, he did not detail exactly what was wrong, opting for a security through obscurity approach.

In retrospect, a full disclosure policy would have been a better move. This would have given developers more information in deciding whether to shut down their sites, in view of the implications(data loss/theft et al) of having it compromised.

That said, if you’re running a rails web application in the wild, UPGRADE NOW.

EDIT: mixed up my rails versions, doh!

Automatically creating files for file_column models in Fixtures

I wanted to be able to have my testing regime automatically create files associated with model fixtures defined in the fixture files. Coincidentally, I’m using Sebastien Kanthak’s file_column plugin for managing files in models.

After looking at the Fixture class and the FileColumn module, I realised that I needed a way to store the model attribute(s) that were passed in the call to file_column. What FileColumn did was create the methods according to the attribute passed into the method but the attribute itself is not actually stored anywhere.

Time to extend FileColumn:

[ruby]require File.join(RAILS_ROOT, ‘vendor’, ‘plugins’, ‘file_column’, ‘lib’, ‘file_column’)

module FileColumn
module ClassMethods
@@file_column_attributes = {}
alias :aliased_file_column :file_column
def file_column(attr, options = {})
aliased_file_column(attr, options)
klass = self.name.constantize
@@file_column_attributes[klass] ||= []
@@file_column_attributes[klass] << attr
end

def file_attributes
@@file_column_attributes[self.name.constantize]
end
end
end[/ruby]

As the name implies, the methods in ClassMethods are class methods on the including class. So in order to store the file_column attributes, we need a class variable, @@file_column_attributes. This variable is a hash with the model class name as the key and an array containing the attributes.I'll also implement a class method so that I'll be able to do Model.file_attributes and know what attributes have been file_columnised.

Next, we'll need to change the way fixtures are populated to the test database. This involves extending the Fixtures class.

We'll do this in test_helper.rb

[ruby]
require 'fileutils'
class Fixtures
SAMPLE_FILE = File.join(Test::Unit::TestCase.fixture_path, 'files', 'sample.pdf')
include FileUtils

alias :original_insert_fixtures :insert_fixtures

def insert_fixtures
original_insert_fixtures
create_files(@class_name, values) unless @class_name.constantize.file_attributes.nil?
rescue NameError
# workaround for HABTM fixtures
end

def create_files(klass, values)
model_dir = File.join(Test::Unit::TestCase.fixture_path, 'media', 'uploads', klass.downcase)
values.each do |fixture|
klass.constantize.file_attributes.each do |attr|
create_file(fixture, attr, model_dir) unless attr.nil?
end
end
def create_file(fixture, attribute, parent_dir)
attribute = attr.to_s
dest_dir = mkpath(File.join(parent_dir, attribute, fixture['id'].to_s))
file_dest = File.join(dest_dir, fixture[attribute])
cp(SAMPLE_FILE, file_dest) unless fixture[attribute].nil? or File.exists?(file_dest)
end
end
[/ruby]

The extended insert_fixtures method first invokes original_insert_fixtures, then checks whether the model has any file_column attributes. If it does, the files defined in the fixtures will be created if they don't already exist.

EDIT: Running functional tests with rake test:functionals fails miserably even though running the tests individually is just fine.