Wednesday, 5 September 2012

So What's left in Rails???

Organising forms in Rails:
     You can create forms in Rails that are either associated with a particular model or independent of any model (and can later be tied to an entity you create). When the form is associated with a model, first create an object of that model in the controller action that precedes rendering of the corresponding view file. For example, if you are building a form in new.html.erb, initialise the object in the new action of the respective controller. If the new object is
pro1=Profile.new 
then after the new action runs, new.html.erb is rendered. On clicking submit on that form, the create action of the respective controller is invoked.
On the other hand, if you give

pro1=Profile.find_by_id(current_user.id)
then Rails understands that it should move on to edit, because the profile whose values you are going to enter is already present in the table; so the edit.html.erb page is rendered instead, and on submitting that form the "update" action is invoked directly.

An example is

def new
     @pro1=Profile.new
end

in the html (the output tag <%= is needed for block helpers such as form_for)
<%= form_for @pro1 do |r| %>
  <%= r.label :name %>
  <%= r.text_field :name %>
  <%= r.submit %>
<% end %>

In the case of a new profile @pro1 will be a new object; otherwise it will hold the profile that was found, and form_for picks create or update accordingly.

If the form is not associated with a model then you don't create and pass an object; instead you use form_tag.
<%= form_tag("/new") do %>
         <%= label_tag :name %>
         <%= text_field_tag :name %>
<% end %>

User Authentication:
      There are a number of gems which do authentication. One very useful one is devise, which has options for password confirmation, recovery, trackability, password hints, all the other validations etc. You can also create your own authentication function using the bcrypt gem, any other gem, or your own code as you wish. bcrypt hashes the password and then stores the hash, not the password itself.

If you need HTTP basic authentication for particular actions of a controller you can specify it in a single line as shown (here every action except index and show is protected):
       http_basic_authenticate_with :name => "dhh", :password => "secret", :except => [:index, :show]

 Sessions:
     This can be accomplished by
->Session attribute - just give session[:user_id]=user.id
and access it. This remains an internal hash.

     What kind of sessions to use??
->If the session hash is stored in the cookie it is vulnerable: it can be destroyed or stolen.
->Don't store large values in cookies.


The most common methods implemented are 
ActiveRecord::SessionStore and ActionDispatch::Session::CookieStore.
 
ActiveRecord::SessionStore: in this method the session id and the session hash are stored in the database and retrieved as and when necessary.

ActionDispatch::Session::CookieStore: in this the session data is stored in the cookie itself.

This cookie storage is again vulnerable to replay attacks, so the better option is to store sessions in the database.
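The replay difference between the two stores, as an added plain-Ruby illustration (not Rails code and not from the original post): a CookieStore-style cookie carries the whole session hash with an HMAC signature, so forging it is detected, but a captured copy still verifies after logout because the server holds nothing to revoke; the SessionStore-style cookie carries only an id that the server can delete. SECRET, the in-memory SESSIONS hash and the helper names are constructed for the example.

```ruby
require "openssl"
require "json"
require "securerandom"

# Constructed secret for this example only; a real app uses its secret_token.
SECRET = "example-secret-do-not-use"

# Constant-time comparison so the signature check does not leak timing information.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# CookieStore-style: the whole session hash travels in the cookie (strict
# base64 via pack("m0")), signed with an HMAC so the browser cannot alter it
# undetected. It is signed, not encrypted: the client can still read it.
def sign_session(hash)
  payload = [JSON.generate(hash)].pack("m0")
  "#{payload}--#{OpenSSL::HMAC.hexdigest('SHA256', SECRET, payload)}"
end

# Returns the session hash, or nil when the signature does not verify.
def load_session(cookie)
  payload, digest = cookie.to_s.split("--", 2)
  return nil unless payload && digest
  expected = OpenSSL::HMAC.hexdigest("SHA256", SECRET, payload)
  return nil unless secure_equal?(expected, digest)
  JSON.parse(payload.unpack("m0").first)
end

# SessionStore-style: the cookie carries only a random id; the data lives on
# the server, so deleting the row at logout makes a replayed cookie worthless.
SESSIONS = {}
def create_server_session(hash)
  SecureRandom.hex(16).tap { |id| SESSIONS[id] = hash }
end
def load_server_session(id)
  SESSIONS[id]
end

# Shows the replay difference: after "logout" the signed cookie still verifies,
# because the server has no state to invalidate; the DB-backed session does not.
def replay_demo
  cookie = sign_session("user_id" => 42)       # copy kept from before logout
  id = create_server_session("user_id" => 42)
  SESSIONS.delete(id)                          # server-side logout
  { cookie_replay: !load_session(cookie).nil?,
    db_replay: !load_server_session(id).nil? }
end
```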
 
Testing in Rails: 
   Rails follows test driven development: first you write a test case and then carry out the development such that all the test cases pass.
A test is an automatic way to verify the correctness of a method, class etc. It is isolated. It starts with 
describe "test_case1" do
  # give the assertion here
end

There are a number of assertions like assert_equal, assert_not_equal etc. The above method can be used to test individual methods or functions.
Fixtures:
In case you want to simulate the actions of the browser or mouse clicks, like a client testing your app, you can use fixtures or Capybara.

Bundler:
You can specify all the gems which you want to install in the Gemfile and then give "bundle install". This downloads all the required gems from the source and installs them. The version conflict problem is resolved by including gems this way.

Rakefile: 
The Rakefile allows you to run tasks using the application's environment. There are plenty of other non-Rails things that rake is useful for. It's not something Rails specific and you can use any Ruby code in it. Rails and many gems use rake for things like migrations, cron jobs, and any other task that needs to run outside the application server.

SQL injections:
 "SQL injection" is a subset of the unverified/unsanitised user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

SELECT fieldlist
  FROM table
 WHERE field ='$email'
 
Suppose the user enters ronamari15@gmail.com' (with a trailing quote). The field then becomes 'ronamari15@gmail.com'' in the query. This creates a problem in the db because of the stray quote in the email id: the data we entered becomes part of the WHERE clause itself instead of staying a plain value.
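To make the problem concrete, an added Ruby example (not from the original post) builds the statement both ways with the exact input above: naive interpolation, and a minimal imitation of ActiveRecord's `where("field = ?", value)` binding in which every placeholder is replaced by a quoted literal. The quote-doubling here stands in for what the real database driver does; production code should use the driver's own binding rather than this helper.

```ruby
# Builds the statement the way the vulnerable code above does: the raw input
# is dropped straight into the SQL string.
def naive_query(email)
  "SELECT fieldlist FROM table WHERE field = '#{email}'"
end

# Quotes a value as a string literal: wrap in single quotes and double any
# quote inside, so the value can never close the literal early.
# (Constructed for this example; use the database driver's quoting in real code.)
def quote_literal(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Minimal version of ActiveRecord's `where("field = ?", email)` binding:
# each ? is replaced by a quoted literal, never by raw text.
def bound_query(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "placeholder count mismatch"
  end
  vals = values.dup
  template.gsub("?") { quote_literal(vals.shift) }
end

# Cheap sanity check for a built statement: a well-formed statement has an
# even number of single quotes, so every literal that was opened is closed.
def balanced_quotes?(sql)
  sql.count("'").even?
end

INPUT = "ronamari15@gmail.com'"   # the input from the post: a trailing quote

# Returns both statements plus the check result for each.
def demo
  naive = naive_query(INPUT)
  bound = bound_query("SELECT fieldlist FROM table WHERE field = ?", INPUT)
  { naive: naive, naive_ok: balanced_quotes?(naive),
    bound: bound, bound_ok: balanced_quotes?(bound) }
end
```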

Monday, 3 September 2012

Deep into rails!!

Capistrano:

  • This is an open source tool for running scripts on multiple servers.
  • Supports switching databases quickly.
  • Written in the Ruby language and distributed as a rubygem.
  • It executes commands in parallel on multiple systems via SSH.
  • Capistrano was originally designed to simplify and automate deployment of web applications to distributed environments.
  • Although written in Ruby, it can also deploy web applications written in other languages like PHP.
  • gem install capistrano is the command to install the gem.
Named Routes:
   These are used to give a name to a route, so that it is more easily accessible and recognised. An example goes like this:
    match "users/prof/new" => "prof#new", :as => "routee"
Now if we have to access that particular page in a link, give it as
        link_to "goooo", routee_path

Install gems in a better way:
Now, as I was telling you about the various gems in Ruby, I gave the method of installing gems as sudo gem install gem_name. But that is not the best method: there will be clashes between the Ruby version and the various gem versions. The better method, and the one to be followed, is to put gem "devise" in the Gemfile and then in the terminal give "bundle install".

Nginx Applications:
->A kind of web server.
->Manages HTTP requests and allows concurrent access.
->Follows an event driven approach rather than a thread driven approach, and supports multiple instances of the same application.
->Another example is Apache Tomcat, which we commonly use.

Passenger:
 The most commonly used application servers are Thin, Passenger and Mongrel.
Passenger is a very powerful application server which is robust. It handles the requests sent by the web server effectively.
Passenger is easy to configure and is recommended by Rails.

The basic Application Flow:
When an HTTP request comes in, it first hits the routes.rb file. There, based on the routing of the resources you give, control leads to the page pointed to by the "root :to" field. It then strikes the controller and the specific action. Once the action is completed it goes to the specific html page in the views. To display new.html.erb, new is executed first; if the object was created in new then the "create" action is invoked after new.html.erb of that model is submitted. If it is a retrieved item then the "update" action in the controller is triggered instead.
         If you want full control over the flow you can redirect it using "redirect_to" and "render". render doesn't invoke the controller action or the model; it just renders the view. "redirect_to" creates a new HTTP request that goes through the controller and the model again, and with the result renders the view page.

Evolving your Database:
1) Create the model
2) Create the database: rake db:create
3) Give rake db:migrate
4) Make migrations and keep repeating step 3 for each change to update the database.