Carrying on from
I had everything in place to run my tests, almost all of my functional
tests failed complaining “no method csrf_meta_tags”. Ahh right, I am
not running the stock Rails 2.3.5 gem in production. In February of
2011 the rails team put out a patch for a XSS vulnerability.
I was concerned that some of the changes between Rails 2.3.5 and
2.3.10 might interfere with my connection to my Oracle 8i database. I
was already having to do some monkey patching of the
activerecord-oracle_enhanced-adapter so I could continue to use it. So
instead of upgrading my gems to Rails 2.3.11, I applied the patch and
<%= csrf_meta_tags %> to all of my
layouts. Since the point of what I am doing is to upgrade my gems, for
now I just commented out the offending line in each of my layouts.
OK now that I actually run some functional tests, there are a couple of other things that are not working properly. On my production (and usual development) machines, I have ssl configured and my application uses the ssl-requirement plugin to require my login pages are only accessible under ssl. I don’t want to set up SSL on this temporary location, so for now I tweaked the plugin to claim that all protocols are ‘secure’. Also during a security audit, I was asked to only pass my user cookie over https to prevent session hijacking. Since I disabled SSL, then I can never login; so I had to temporarily disable the secure cookie requirement too. Interestingly a recent Railscast discussed session hihacking and provided example code basically like what I have.
The next set of failures in my functional tests are in tests that
check to see that I can only uplaod specific file types into the image
and documents sections of my CMS. By default my attachement processing
code, which uses attachment_fu, was using the content type provided
during file upload - which largely uses the file extension to
determine file type. To beef that up, I have extended attachment_fu to
use the shared-mime-info ruby gem. It works fine on my production
RHEL5 machine and as far as I can tell I have the same rpm + gem
combination on this test box. But it isn’t working. All of my file
uploads (in tests and from the browser) are getting back nil for the
mime-type. Looking at the code, that implies that the library thinks
it should be able to determine the file type but can’t. This may be
that I am not loading the library correctly in my Gemfile:
"shared-mime-info", :require => "shared-mime-info" But I have
already had trouble getting this to work on my collegue’s Leopard Mac
so there is already a work around in place for that. Again, for now I
am going to make this work around trigger all the time and see what
else I need to change to get this app on a supported version of Rails.
So after ignoring/working around the issues above, are all my tests and cucumber features passing? Yes! I am getting one warning when I run my cucumber features. I am being told that I need to update one of my steps that is reusing other existing steps. I have been using the original syntax that uses ‘When/Given/Then’. The warning tells me to use ‘step’ instead. I made that change and then moved on.
Rails 2.3.14 on Ruby 1.8.7
So, what happens when I update to the last of the 2.3.x releases - 2.3.14 at this time. I created a new rvm gemset, updated the rails line in my Gemfile, removed my Gemfile.lock, and did a clean bundle install. When I first tried to run my app, I got complaints that I did not have Rails 2.3.5 installed - which was coming from my config/environment.rb file:
So now let’s run our tests again. They pass, but this time with some additional deprecation warnings. The first set were complaints about the preferred location of the tasks directory inside my plugins. Errors like:
None of the directories that rake was complaining about actually contained any tasks so the simplest option would seem to be to remove the offending directories. Or it would be if they were in code I had written. But all of those plugins were code I was including using git submodules and pointing directly to the upstream repositories. I suspect that none of those plugins have been updated in a very long time. Perhaps the best/easiest option is to just include those plugins directly in my code. Which plugins do I need to alter: aftflr, aftimagr, authorization, and mimetype_fu. Of the 4, the only one that has had any updates is mimetype_fu. Mimetype_fu is used when I have to work around the lack of shared-mime-info code on the Mac (or on this test box). For now I think I’ll just include this in my code as is.