giant robots smashing into other giant robots
Written by thoughtbot
This week in open source
bourbon
As a programmer I love the change that made it into version 1.3.6 (10f978d) of bourbon: Phil LaPier (plapier) added to work done by Frank (frankzilla) to add a monospaced font family, $monospace—with support for Bitstream Vera Sans Mono, my favorite monospace typeface (3467fe3 and c86e5687). Nice.
paperclip
Friday saw a new release of paperclip (1cb40e3), in accordance with the prophecy. It contains Windows support, a bug fix, and two new features.
Prem Sichanugrist (sikachu) has been working on handling characters that are not URL-safe; to this end he added a :restricted_characters option to has_attached_file, with a default value of &$+,\/:;=?@<>\[\]\{\}\|\\\^~%# , which specifies characters to replace with an underscore, _ (8353518 and 604304e). Benjamin Hüttinger (maxigs) added the ability to pass a block, evaluated at runtime, for :fog_host, :bucket_name, and :fog_credential options (e049ec5, 2b562a9, 8742615, and 1c88a72).
The gem itself had problems installing on Windows because a bundled test made sure that filenames with question marks were handled fine; turns out this simply breaks on Windows. Even though no actual programmers use Windows, we removed the offending file (ed5cd9f). Jon Yurek (jyurek) fixed a long-standing bug where the RSpec matchers (validate_attachment_content_type, validate_attachment_presence, and validate_attachment_size) didn’t handle the :if argument they were supposed to handle (5d4ba62).
capybara-webkit
A new release of capybara-webkit is in the works, and this is what you’ll see in it: Matthew Mongeau (halogenandtoast) added the ability to trigger mousedown and mouseup events (51c4dfe and 16c1637) while Joe Ferris (jferris) has commands block until the page finishes loading (18607d0).
clearance
Oh sweet, a new version of clearance is out (6c0c070)! In it you’ll find support for Rails 3.2 from Gabe Berke-Williams (gabebw), mostly in following deprecation warnings (6e57d10). Some prodding from Matthew Daubert (MDaubs) prompted us to upgrade cucumber-rails to 1.1.1 (691e867 and 91f4675). Dan Hodge (danhodge) dropped a totally awesome change on us, abstracting out the User class into Clearance.configuration.user_model, which can be changed at runtime (085a9b6, a582eec, and fc6af70). Dude, that’s awesome.
fake_braintree
Holy cow it’s version 0.2.0 of fake_braintree (0be2aea). In this Gabe Berke-Williams (gabebw) gave us the ability to specify a constant amount for a transaction (783719c), and mimics the behavior around customers with failing credit cards (a2ceb58).
factory_girl
No big news in factory_girl this week. Carlos Antonio da Silva (carlosantoniodasilva) updated the docs to mention that .stub is now .build_stubbed (08018f6). Michael Klishin (michaelklishin) fixed the build on Travis CI for Rails 3.2 by updating rubygems first (850116d). Joshua Clayton (joshuaclayton) found a spec that was not appropriately named, and fixed it (0d67a42).
kumade
While kumade did not see a deploy this week, it did see some feature improvements, some of which come with an API change.
The hook for running code just before deployment was originally run_predeploy_task but is now run_pre_deploy_task (764aebe). Chad Boyd (hoverlover) made this change so he could introduce the run_post_deploy_task, which is further exposed as kumade:post_deploy to Rake (da74087, f68a487, and 9679018).
Kumade now works with more stuff: Jammit 0.6.5 (ec63310) thanks to Vesa Vänskä (vesan), and Ruby 1.9.3 (8e73b90) thanks to Gabe Berke-Williams (gabebw).
Gabe also fiddled with some source code (7e0e11e, bb695b9 and 92aa8f4).
copycopter_client
A small documentation update occured in copycopter_client by Joe Ferris (jferris), reminding us that you can leave the name of the controller or model off of the translation key only when using t from a view (6416897).
This week in open source
Deprecations
We have officially stopped maintaining the following open source products: limerick_rake, trout, shoulda-context, and jester. Do you want to take over any of them? Let us know!
kumade
The kumade Heroku deployer now has a rake task hook for running code before the deployment (8bd2824). This was done by Joshua Clayton (joshuaclayton) in the new version: 0.8.2 (52a9348).
paul_revere
The paul_revere notification gem has this sweet button to hide a notification. Ben Orenstein (r00k) changed the duration of this hiding from one day to one year (5a773d4).
bourbon
Phil LaPier (plapier) has released version 1.3.1 of bourbon, the much-loved collection of sass mixins (e90113c). In this version we have a new syntax for animation shorthands, which means the old shorthands are deprecated (e6dcbf5, a6d3a32, 89cc340). Get it while it’s hot!
pacecar
We have a gem that generates scopes for ActiveRecord objects, named pacecar, which you would love if you also love methods that magically appear. Matt Jankowski (mjankowski) released version 1.5.3 (06b5e8e) with support for Rails 3.1.3 and 3.0.11 (dcc30d4) and which treats decimals as numeric column types, giving you all the methods that you need for those, too (ff7bc67).
paperclip
The oft-used paperclip file uploader gem hit version 2.5.0 (071c938) with a NEWS file describing the changes, written by Mike Burns (mike-burns). That’s me. I like writing about changes.
Jim Ryan (jimryan) changed paperclip to process any :original style before all others, which can be useful in case order matters (f56e863 and d3db7a1).
Nathan Hyde gave us a performance gain by only generating the file’s fingerprint if it can be persisted (9fb9255 and 4e07681).
Alexander Greim (iltempo) landed a feature on us: S3 headers can be set at runtime by passing a block as the value of the headers instead of a static hash (a83de65 and 7a8d1e6).
Steve Madsen (sjmadsen) found an edge case where if you set an attachment, save it, set a new atachment, save it, then refresh the missing styles using the rake task, it will crash. And he fixed it (dc53432).
And Jon Yurek (jyurek) finally fixed Paperclip::Attachment such that it no longer overrides the Ruby hash method with an unrelated one (3fd4c96).
factory_girl
As usual, factory_girl got way more commits than I want to read over in one sitting. For example: Simone Carletti (weppos) added a ruby version dependency to the Gemspec (e6e4d8b). He also fixed the link to our blog (11a79a0 and 30e13dd).
Things like that.
So on the feature front, Evan Larkin (elarkin) made it such that factories still work if you define a class that overrides the to_s class method (8b3ee85). Dmytrii Nagirniak (dnagir) added support for neo4j (5246fda and 591ec7a). Joshua Clayton (joshuaclayton) made it such that you can call methods that are on the object from within a factory definition (d918c1d).
More wishy-washily, Josh made a bunch of refactorings, the most important of which speeds up the whole product (f2e4138). You can read the rest of the refactorings as code with good commit messages: 2e2d490, 40242e9, 32ff41f, ac1df1d, a022dda, 1c7eab1, d9e0372, and b734b58.
The README was improved with the status of all the dependent gems (768dfaa), by Steve Richert (laserlemon). Daniel Schierbeck (dasch) fixed the formatting of sample code (1e82889).
In the end, Josh released version 2.4.0 (69957ea).
capybara-webkit
Matthew Mongeau (halogenandtoast) had fun taking in pull requests on capybara-webkit. Joe Fiorini (joefiorini) added the requested_url method that produces the URL after a pushState (7f907a0). Niklas Baumstark (niklasb) added submit and path methods (352823d, d07cf3d, 21f4b84, 83905bb, 4ceb874).
John Hume (duelinmarkers) added support for JRuby (0979db4). Pete Gieser (pgieser) fixed a double-escaping bug in URLs (fccb444).
Matthew Mongeau (halogenandtoast) fixed the link to the Capybara README (e2c103c) and linked to the mailing list (d8c640d), and Jo Liss (joliss) recommended bundle exec in more places (7fe06e9).
clearance
Our authentication system aptly named clearance got some love from Chad Pytel (cpytel) and Joe Ferris (jferris), resulting in the release of clearance 0.14.0 (5471159, 214d1dd, and 0dc43a6). The big deal is that the deny_access RSpec match and the flash messages were totally borked. They fixed it (2085f03, 23df300, and 160366e).
fake_braintree
Version 0.1.1 of fake_braintree was released, in which Gabe Berke-Williams (gabebw) fixed a bug in the failure message for the have_accessor_for matcher (9d97aa6) and also refactored everything (0a45900, 59a7b60, 3daf2aa, 0f955c6, 3e8745f, bb1f339, 6d7d90c, ac0d550, d2f470e, 3c66129, 8cf7d9c, 157b2a7, 8f21376, 29429ef, e4cef67, 9928436, 94cca24, 7bd4e20, 2dde9ed, e775167, a72e31b, 57f3623, d580024, ad82f0e, 3385e12, cacb537, ae86ebe, c6cead6, a352f33, f7a6cf5, 9f1fb3b, 124706d, ef8b13a, and b20e318).
Fewer Rails flash messages
Clearance 0.12.0 was released last week with a continued focus on user and developer experience.
For users: flashes
We removed redundant flash messages like ‘Signed in.’, ‘Signed out.’, and ‘You are now signed up.’ because it was visually obvious when you completed those actions.
We previously used flashes more to follow typical Rails convention (in controllers, successes get a flash and a redirect and failures get error messages and a render template) than providing informational value to the user.
For users: redirects
When a user reset their password, they used to get redirected to the sign in page with a flash message that said ‘You will receive an email within the next few minutes. It contains instructions for changing your password.’
We changed that to render a create.html.erb template with the same text because the sign in form is not what you want to see when you don’t know your password. We also wanted to make it clear that you have to leave the app to continue.
These changes became more obvious as we started to use sexy CSS3 flashes, which displays the flash for a few seconds, then hides itself without breaking a layout.
For developers: Rails version support via Appraisal
Clearance now works with Rails 3.0.x, 3.1.x, and 3.2.x. We use Appraisal to test against these versions of Rails:
['3.0.20', '3.1.11', '3.2.12'].each do |rails_version|
appraise "#{rails_version}" do
gem 'rails', rails_version
end
end
For developers: no password necessary
We simplified the Cucumber features so developers don’t have to specify a password.
Previously:
Given I am signed up as "email@example.com/password"
When I sign in as "email@example.com/password"
Now:
Given I am signed up as "email@example.com"
When I sign in as "email@example.com"
We defaulted the factories so they always create users with password of “password”.
For developers: RSpec-compatible matcher
There’s a deny_access matcher. Since the earliest versions of Clearance, there was an “Shoulda macro”, which has fallen out of favor in place of matchers. This matcher only depends on Ruby and “should” work with any test framework like RSpec or Test::Unit.
Written by Dan Croak.
Email and password confirmation bias
I don’t believe email confirmation or password confirmation are desirable in web apps for early-stage startups.
Clearance
We wrote and maintain a user authentication and authorization Rails engine called Clearance. It serves a narrow focus for users to sign up, sign in, sign out, and reset their password, all using their email address and a password of their choice.
Clearance is almost 3 years old but we still use it on almost all of our projects. Each new project is an opportunity to re-evaluate what’s good and what sucks about Clearance.
User experience
Early on, our goal was mostly a great experience for developers, seen in things like:
- Generated Cucumber features
- Shoulda test helpers
- Consistent sign_{up,in,out} naming
Lately, our goal is a great experience for users, seen in things like:
- No email confirmation
- No password confirmation
- No 403 Forbidden status code (while technically correct, Chrome and other browsers display a scary screen for 403s)
- HTML5 email fields (so iPhone users and others get the @ sign on their keyboard)
- Lowercasing all emails (so iPhone users whose keyboard defaults the first letter to uppercase can still sign in without confusion)
See the CHANGELOG for more. The most unusual decisions were the confirmation decisions.
No email confirmation
When you sign up, you’re interacting with the product for the first time. Maybe you’ve heard good things from friends and have skimmed the landing page. Now, you want to try it. Your purpose is to get your hands on it.
So, you enter your email and password, then press “sign up”. If you’re presented with a screen like “please check your email to confirm your account”, you’re kind of bummed.
Maybe you have GMail open in another tab or maybe you’re an ⌘+Tab master and you flick over to Mail.app real quick, see the confirmation email, open it, click the confirmation link, which opens a new tab in your browser, signing you in and presenting you with a screen like “thanks for confirming your account”.
You just took about five actions, made about three decisions, and this is if you’re very savvy and already have your email client open. That, to me, is a burden. Why would you want to get your relationship started with a potential customer by burdening them?
We have numbers that show you lose customers this way. In one example, we have a consumer app with 9,204 email sign ups, but only 4,607 confirmations.
That’s a 50% conversion rate between a user declaring their intent to try the product and actually trying it.
By removing the email confirmation step, our conversion rate goes to 100%. Meanwhile, the user has only had to enter two fields, press “enter” or a “sign up” button, and they’re immediately signed in and using the product.
But what if someone mistypes their email address?
We think what we’ve provided now is a good user experience but you could argue that making sure the app can easily recover when someone mistypes their email address is also providing a good user experience.
For the moment, I’m trying to not let edge cases dictate how the majority of users interact with the library.
But what if spam becomes a problem?
It’s not a problem yet. As an early-stage startup, your problem is attracting, converting, and retaining users. Focus on that problem first, and deal with spam later.
No password confirmation
Have you ever enjoyed typing your password twice when you signed up for a product? The answer for most people is “no”, and that should drive this decision.
But what if someone mistypes their password?
By default, Clearance signs users in for a year. How often will people need to use their password? It depends on your app, but likely very rarely.
There’s also a password reset, which incidentally does rely on email confirmation. In this case, I hope the extra steps evoke more of a feeling of “that makes sense, they’re securing my account for me, someone who’s invested time into their product”.
User experience-driven open source
We’ll continue to test how people feel about the experience in each real product where we use Clearance. If my hypothesis that people feel good about the email confirmation on password reset turns out to be incorrect, I’ll experiment with the default copy in the flash messages and email body to see if we can move the needle on user’s feelings that way before changing the feature.
I’m excited about these user experience-driven changes to our open source library and I hope you’ll put them to the test.
If you’re already using an old version of Clearance, please read the upgrade instructions. Please also follow Clearance on Github.
Happy coding.
Written by Dan Croak.
The Road to Rails 3
Being at RailsConf 5 has given us the opportunity to finalize a lot of the work we’ve done to prepare our plugins and gems for Rails 3. Thankfully, for many of the most popular gems, we’ve been able to maintain both Rails 3 and Rails 2.3.x compatibility in one gem. However, we’re taking this opportunity to say goodbye to some of our less widely used plugins, and some we plan on dropping Rails 2 support for altogether.
Obviously, Rails 3 isn’t actually out yet, so what we’re talking about here is Rails 3 beta 4. We’ll continue to keep things up to date and tested as we all move toward the release of Rails 3. Your help and patches are more than welcome.
So here is a comprehensive overview of the current status of the projects for both Rails 3 beta 4 and Rails 2.
Paperclip
We released Paperclip 2.3.3 a few days ago. This new version of Paperclip will work with Rails 3. Thanks to the investigation of nragaz and help from isaac and joeljunstrom on github, we worked out the kinks and it should be working with the Rails 2.3.x line, and Rails 3-beta 4. For the latest version of Paperclip, we’re no longer officially supporting Rails 2.0.x. The earliest version that will work is Rails 2.1.0. If you need support for an older version of Rails than that, you can use Paperclip 2.3.1.1.
hoptoad_notifier
A few days ago we released hoptoad_notifier 2.2.6 with includes support for Rails 3-beta 4 as well as all versions of Rails 2.x and Rails 1.2.6.
shoulda
We just released shoulda 2.11. Along with Rails 3 support, we’re maintaining support for Rails 2.3.x in this latest release. However, the latest version of shoulda will not support versions of Rails less than 2.3. If you need support for a version of Rails older than that, you can use a previously released version.
In addition to the Rails 3 support, shoulda 2.11 introduces some dramatic changes to shoulda, including a new way of interacting with all shoulda macros. The previous way has been deprecated and will be removed in shoulda 3.0. We’ll make a separate blog post detailing many of the very cool changes to shoulda and more details about the future of shoulda soon, but for now, take a look at the README for the latest information on setting up and using shoulda.
Factory Girl
We just pushed factory_girl 1.3 and factory_girl_rails 1.0. This new version adds Rails 3 support. Because of the way that Rails 3 loading has changed, we’ve decided to make a separate factory_girl_rails gem that will be used for when you want to use factory_girl with Rails. The existing factory_girl gem is used by factory_girl_rails and would be used if you’re using factory_girl outside of Rails. If you want to use factory_girl with Rails 2 you can continue to use the base factory_girl gem.
Clearance
We just released Clearance 0.9.0.rc1. This is a release candidate for Clearance 0.9.0. This new version adds support for Rails 3 but drops support for Rails 2. Don’t fret, if you won’t be upgrading to Rails 3, you can use a previously released version of the gem (0.8.8). We’re doing this one as a release candidate because of the dropping of backwards compatibility and the fact that we haven’t had a chance to test the new version in a variety of Rails 3 apps using clearance.
Please flex this release candidate with your Rails 3 apps and let us know how it goes.
Suspenders
Suspenders is currently at 2.3.5 (we haven’t been able to upgrade to 2.3.8 because of bugs we’ve seen with mongrel, webrat, and rack). We anticipate that Suspenders will be upgraded to Rails 3 a little after Rails 3 final comes out. But to be honest, we’re actually not sure yet what the upgrade path will look like for applications that are currently tracking Suspenders. It may be impossible to do without so many conflicts that its not worthwhile. We’re going to have to work on this more and keep you posted. Additionally, we’re in the process of making some fairly dramatic changes to Suspenders. Watch it on github and stay tuned here for more.
High Voltage
Fire in the Disco! We’ve also released High Voltage 0.9.0 which supports Rails 3 and is now a gem (it was previously just a plugin). The new version also drops support for Rails 2. If you need the previous, Rails 2 plugin there is a rails2 branch you can retrieve it from.
Pacecar
We also just released Pacecar 1.3 which supports Rails 3 and drops support for Rails 2. As in the other cases where we’ve done this, you can use the previous version of the gem, version 1.2.0 with Rails 2, or track the rails2 branch.
Squirrel
Squirrel was born out of a desire to make a new query syntax that was dynamic while being clean and simple. With Rails 3’s introduction of the New Active Record chainable query language, that goal has now been achieved in Rails. As a result, we’ll no longer be maintaining Squirrel. It was a fun ride.
Mile Marker
Over time, our workflow slightly changed for how we built applications and we haven’t used Mile Marker ourselves for some time now. As a result, we’re taking this opportunity to cease maintenance of this plugin and bid it farewell.
Moving on down the road
We’ve gotten more and more familiar with Rails 3 during moving all these gems to it. Many of the new features it offers are great, and existing features have been improved and cleaned up. We’re looking forward to Rails 3 finally being released in the coming weeks. Now that our plugins are up and running it should help us all to transition smoothly and quickly.
Thanks to the core team and various other railsconf attendees for spending time with us this week working on some of this - we’re looking forward to the final version of rails3!
