Sarav's Weblog

Technical Articles for RoR Developers

Preview of an image before it is uploaded

Might be a old topic. But still, it will be useful for the beginners.

Using jQuery we can achieve this, The preview action will be executed all in the browser without using Ajax to upload the image. Here is the example,

<!DOCTYPE html>
<script src=""></script>
function readURL(input) {
if (input.files && input.files[0]) {
var reader = new FileReader();

reader.onload = function (e) {


<meta charset=utf-8 />
<title>JS Bin</title>
<!--[if IE]>
<script src=""></script>
article, aside, figure, footer, header, hgroup,
menu, nav, section { display: block; }
<input type='file' onchange="readURL(this);" />
<img id="img_prev" src="#" alt="your image" />


Rails 3 – AuthLogic implementation – A basic tutorial

Last week I had a chance to implement authlogic for one of my projects. Initially I planned to go with Devise – Flexible authentication solution for Rails. It can be easily to plug and play. But I had a different intent/requirement to go with authlogic.

This tutorial will explain about, AutuhLogic implementation with rails 3. I’m just going to go over the basic commands/files that you need to get the framework up and working. Please refer to this link “; for a depth information. Reading required ūüôā I believe you have already installed rails 3 and other required gems. Here we go..

Auth Logic Basic Set up – Installation and configuration
Install authlogic gem

$ [sudo] gem install authlogic

create new application

$rails new auth_logic_implementation

Include the gem in the gem file #Gemfile

gem “authlogic”

database connectivity
I’ve used “mysql” for database connectivity. Change the database settings based on your mysql settings.

adapter: mysql
database: auth_logic_development
username: root
password: root

create database – run the following command

$rake db:create

Working with Models
create user and user_session models.

$rails g model user_session
$rails g model user

User session models will take care of the user sessions. In order to achieve this you have to inherit user_session model from AuthLogic.(ie AuthLogic instead of ActiveRecord)”

class UserSession < Authlogic::Session::Base

Then, in the user model, you have to tell Authlogic that its the model that you wand to use for logging in and out.

class User < ActiveRecord::Base
  acts_as_authentic do |c|
  end # block optional

and then update the migration files

 class CreateUserSessions < ActiveRecord::Migration
 def change
    create_table :user_sessions do |t|
      t.string :session_id, :null => false
      t.text :data

    add_index :user_sessions, :session_id
    add_index :user_sessions, :updated_at



class CreateUsers <ActiveRecord::Migration
  def change
    create_table :users do |t|
      t.string    :name,                :null => false, :default => ''
      t.string    :login,             :null => false
      t.string    :crypted_password,    :null => false
      t.string    :password_salt,       :null => false
      t.string    :email,               :null => false
      t.string    :persistence_token,   :null => false
      t.string    :single_access_token, :null => false
      t.string    :perishable_token,    :null => false                   

      t.integer   :login_count,         :null => false, :default => 0
      t.integer   :failed_login_count,  :null => false, :default => 0
      t.datetime  :last_request_at
      t.datetime  :current_login_at
      t.datetime  :last_login_at
      t.string    :current_login_ip
      t.string    :last_login_ip                                           


Make sure you have a model that you will be authenticating with. Since we are using the User model it should look something like:

class User < ActiveRecord::Base

  acts_as_authentic do |c|
    c.login_field = 'email'

  end # block optional


Do the migration

$rake db:migrate

Application controller and helper methods

class ApplicationController < ActionController::Base

  #filter_parameter_logging :password, :password_confirmation # there are underscores :-|

  helper_method :current_user_session, :current_user

    def current_user_session
      return @current_user_session if defined?(@current_user_session)
      @current_user_session = UserSession.find

    def current_user
      return @current_user if defined?(@current_user)
      @current_user = current_user_session && current_user_session.user

    def require_user
      logger.debug "ApplicationController::require_user"
      unless current_user
        flash[:notice] = "You must be logged in to access this page"
        redirect_to new_user_session_url
        return false

    def require_no_user
      logger.debug "ApplicationController::require_no_user"
      if current_user
        flash[:notice] = "You must be logged out to access this page"
       # redirect_to home_index_path
        return false

    def store_location
      #session[:return_to] = request.request_uri

    def redirect_back_or_default(default)
      redirect_to(session[:return_to] || default)
      session[:return_to] = nil


user_sessions controller, view, and routes


$ rails g controller user_sessions

class UserSessionsController  [:new, :create]
  before_filter :require_user, :only => :destroy

  def new
    @user_session =

  def create
    @user_session =[:user_session])
      flash[:notice] = "Login successful!"
      redirect_back_or_default account_url(@current_user)
      render :action => :new

  def destroy
    flash[:notice] = "Logout successful!"
    redirect_back_or_default new_user_session_url


# app/views/user_sessions/new.html.erb
<%= form_for @user_session, :as => :user_session, :url => { :action => "create" } do |f| %>
   <%= render "shared/error_messages", :target => @user_session %>
  <%= f.label :email %><br />
  <%= f.text_field :email %><br />
  <br />
  <%= f.label :password %><br />
  <%= f.password_field :password %><br />
  <br />
  <%= f.check_box :remember_me %><%= f.label :remember_me %><br />
  <br />
  <%= f.submit "Login" %>
<% end %>

Users and User Registration

$ rails g controller users

class UsersController < ApplicationController    before_filter :require_user, :only => [:show, :edit, :update]

  def new
    @user =

  def create
    @user =[:user])

    # Saving without session maintenance to skip
    # auto-login which can't happen here because
    # the User has not yet been activated
      flash[:notice] = "Your account has been created."
      redirect_to signup_url
      flash[:notice] = "There was a problem creating you."
      render :action => :new


  def show
    @user = current_user

  def edit
    @user = current_user

  def update
    @user = current_user # makes our views "cleaner" and more consistent
    if @user.update_attributes(params[:user])
      flash[:notice] = "Account updated!"
      redirect_to account_url
      render :action => :edit




<%= render "shared/error_messages", :target => @user %>

<%= form.label :name %><br />
<%= form.text_field :name %>
<%= form.label :email %><br />
<%= form.text_field :email %>
<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
<%= form.password_field :password %>
<%= form.label :password_confirmation %><br />
<%= form.password_field :password_confirmation %>


<%= form_for @user do |f| %>
<%= render :partial => "form", :object => f, :locals => { :user => @user } %>
<%= f.submit "Register" %>
<% end %>

# app/views/users/show.html.erb
<%=h %>

<b>Login count:</b>
<%=h @user.login_count %>

<b>Last request at:</b>
<%=h @user.last_request_at %>

<b>Last login at:</b>
<%=h @user.last_login_at %>

<b>Current login at:</b>
<%=h @user.current_login_at %>

<b>Last login ip:</b>
<%=h @user.last_login_ip %>

<b>Current login ip:</b>
<%=h @user.current_login_ip %>

<%= link_to 'Edit Account', edit_account_path %>

<% if target.errors.any? %>
<div id="errorExplanation">
<h2><%= pluralize(target.errors.count, "error") %> prohibited this record from being saved:</h2>
<% target.errors.full_messages.each do |msg| %>
<li><%= msg %></li>
<% end %>
<% end %>


  resources :user_sessions

  match 'login' => "user_sessions#new",      :as => :login
  match 'logout' => "user_sessions#destroy", :as => :logout

  resources :users  # give us our some normal resource routes for users
  resource :user, :as => 'account'  # a convenience route

  match 'signup' => 'users#new', :as => :signup

  root :to => 'users#new'

$rake routes

    user_sessions GET    /user_sessions(.:format)          {:controller=>"user_sessions", :action=>"index"}
                  POST   /user_sessions(.:format)          {:controller=>"user_sessions", :action=>"create"}
 new_user_session GET    /user_sessions/new(.:format)      {:controller=>"user_sessions", :action=>"new"}
edit_user_session GET    /user_sessions/:id/edit(.:format) {:controller=>"user_sessions", :action=>"edit"}
     user_session GET    /user_sessions/:id(.:format)      {:controller=>"user_sessions", :action=>"show"}
                  PUT    /user_sessions/:id(.:format)      {:controller=>"user_sessions", :action=>"update"}
                  DELETE /user_sessions/:id(.:format)      {:controller=>"user_sessions", :action=>"destroy"}
            login        /login(.:format)                  {:controller=>"user_sessions", :action=>"new"}
           logout        /logout(.:format)                 {:controller=>"user_sessions", :action=>"destroy"}
            users GET    /users(.:format)                  {:controller=>"users", :action=>"index"}
                  POST   /users(.:format)                  {:controller=>"users", :action=>"create"}
         new_user GET    /users/new(.:format)              {:controller=>"users", :action=>"new"}
        edit_user GET    /users/:id/edit(.:format)         {:controller=>"users", :action=>"edit"}
             user GET    /users/:id(.:format)              {:controller=>"users", :action=>"show"}
                  PUT    /users/:id(.:format)              {:controller=>"users", :action=>"update"}
                  DELETE /users/:id(.:format)              {:controller=>"users", :action=>"destroy"}
          account POST   /user(.:format)                   {:controller=>"users", :action=>"create"}
      new_account GET    /user/new(.:format)               {:controller=>"users", :action=>"new"}
     edit_account GET    /user/edit(.:format)              {:controller=>"users", :action=>"edit"}
                  GET    /user(.:format)                   {:controller=>"users", :action=>"show"}
                  PUT    /user(.:format)                   {:controller=>"users", :action=>"update"}
                  DELETE /user(.:format)                   {:controller=>"users", :action=>"destroy"}
           signup        /signup(.:format)                 {:controller=>"users", :action=>"new"}
             root        /                                 {:controller=>"users", :action=>"new"}

Start the application

$ rails server

Visit http://localhost:3000 – default root path set to signup. Otherwise you can hit /signup to register an account! Then log out by going to /logout, and try logging back in at /login.

Note: Dont forget to delete the public/index.html

The majority of the content was taken from the Authlogic tutorial on github.
and thanks to

Understand Rails Authenticity Token!

What happens:
When the user views a form to create, update, or destroy a resource, the rails app would create a random authenticity_token, store this token in the session, and place it in a hidden field in the form. When the user submits the form, rails would look for the authenticity_token, compare it to the one stored in the session, and if they match the request is allowed to continue.

Why this happens:
Since the authenticity token is stored in the session, the client can not know its value. This prevents people from submitting forms to a rails app without viewing the form within that app itself. Imagine that you are using service A, you logged into the service and everything is ok. Now imagine that you went to use service B, and you saw a picture you like, and pressed on the picture to view a larger size of it. Now, if some evil code was there at service B, it might send a request to service A (which you are logged into), and ask to delete your account, by sending a request to This is what is known as CSRF (Cross Site Request Forgery).

If service A is using authenticity tokens, this attack vector is no longer applicable, since the request from service B would not contain the correct authenticity token, and will not be allowed to continue.

Notes: Keep in mind, rails only checks POST, PUT, and DELETE requests. GET request are not checked for authenticity token. Why? because the HTTP specification states that GET requests should NOT create, alter, or destroy resources at the server, and the request should be idempotent (if you run the same command multiple times, you should get the same result every time).

Lessons: Use authenticity_token to protect your POST, PUT, and DELETE requests. Also make sure not to make any GET requests that could potentially modify resources on the server.

Courtesy: Faisal and stack overflow

Apache Thrift with Ruby – A basic Tutorial

Thrift is a software framework for scalable cross-language services development. It combines a software stack with a code generation engine to build services that work efficiently and seamlessly between C++, Java, Python, PHP, Ruby, Erlang, Perl, Haskell, C#, Cocoa, Smalltalk, and OCaml.

Originally developed at Facebook, Thrift was open sourced in April 2007 and entered the Apache Incubator in May, 2008.

Thrift is arguably one of the best lightweight systems for cross-language programming using code-generation, RPC, and object serialization. Designed from the ground up by the Facebook development team it enables seamless integration of the most commonly used languages (Ruby, Perl, C/C++, Haskell, Python, Java, and more) via a set of common RPC libraries and interfaces.

In this post I’ll outline how to setup and connect a thrift client in ruby

To install thrift

gem install thrift


  • Defining a thrift service
  • Run the server script(ruby)
  • Run the client script(ruby)

Defining a service in Thrift

The core goal of Thrift is to enable efficient and reliable communications across multiple languages. All datatypes and services are defined in a single language-neutral file and the necessary code is auto-generated for the developer by the thrift compiler.

One of the great things about thrift is that it simplifies the communication between a client and server to a simple .thrift file. This file describes the data structures, and functions available to your remote service. In this tutorial, we use a simple calculator mechanism.

Define a struct and a service

	enum BinaryOperation {

	/** Structs are the basic complex data structures. They are comprised of fields 
	   * which each have an integer identifier, a type, a symbolic name, and an 
	   * optional default value. */
	struct ArithmeticOperation {
		1:BinaryOperation op,
		2:double lh_term,
		3:double rh_term,

	/* Structs can also be exceptions, if they are nasty. */
	exception ArithmeticException {
		1:string msg,
		2:optional double x,

	service Calculator {

		* A method definition looks like C code. It has a return type, arguments,
		* and optionally a list of exceptions that it may throw. Note that argument
		* lists and exception lists are specified using the exact same syntax as
		* field lists in struct or exception definitions.
		double calc(1:ArithmeticOperation op) throws (1:ArithmeticException ae),
		* This method has an oneway modifier. That means the client only makes
		* a request and does not listen for any response at all. Oneway methods
		* must be void.
		* The server may execute async invocations of the same client in parallel/
		* out of order.
		oneway void run_task()

Open a empty file and create service(copy the above code) and save it with .thrift extension(eg:calc.thrift)

We’ve defined two different functions: remote calculationand an asynchronous method call. To generate the required code, we simply call the thrift generator:

# Generate C++, Ruby, and Python implementations
# generated code will be in ‘gen-cpp’, ‘gen-rb’, ‘gen-py’ folder

thrift --gen rb calc.thrift

The beauty of this approach is, of course, the ability to mix and match implementations of services: server may be written in C++, but we can access it seamlessly via a Python, Java, or a Ruby client. Thrift will take care of the communications links, object serialization, and socket management!

Implementing a Thrift powered server in Ruby

A very simple example of interaction with a calculator server application whose actions are facilitated by thrift. Both the client and server negotiate on the common interface defined by calc.thrift.

# include thrift-generated code

require 'thrift'
require 'calculator'

# provide an implementation of Calculator
class CalculatorHandler
	def initialize()
		#nothing goes here

	def calc(val)
		lh_term = val.lh_term
		rh_term = val.rh_term
		case val.op
			when 1 #Addition
			when 2 #subraction
			when 3 #multiplication
			when 4 #division
			when 5	#modulas
	def run_task()
		puts "Kicking off the task"

# Thrift provides mutiple communication endpoints
#  - Here we will expose our service via a TCP socket
#  - Web-service will run as a single thread, on port 9090

handler =
processor =
transport =
transportFactory =
server =, transport, transportFactory)
puts "Starting the Calculator server..."
puts "done."

To expose our thrift service, we wrap it into a TCP socket listening on port 9090. From this point on, Thrift takes over all communications, serialization and handling of the incoming requests. Because the protocol is identical in every language, the client may be written in any language of choice.

Building the Ruby Client

You may have the client program in any language which supports Thrift.

In similar fashion, we can build a Ruby client for any Thrift service with just a few lines of code. To interface with our server implementation above, refer the following code:

# include thrift-generated code

require 'thrift'
require 'calculator'

	port = ARGV[0] || 9090

	transport ='localhost', 9090))
	protocol =
	client =

	ar =    
	ar.op = BinaryOperation::ADDITION
	ar.lh_term = 99
	ar.rh_term = 3
	# Run a remote calculation
	result = client.calc(ar)  #it accessing the ruby server program method calc via thrift service
	puts result.inspect
	#Run a Async call
	puts $!

And there you have it, a simple thrift client. I hope you think about thrift next time you need to interface between 2 applications, or require some kind of client->server model for your system. Thrift makes it very fast and convenient to share data across different programming languages and makes it easy/flexible to develop to a shared interface contract. Cheers!

Download Files


  • Download the calc.thrift and place it into the new folder(name it whatever you like. Eg:- thrift-ruby)
  • cd thrift-ruby
  • thrift –gen rb calc.thrift (it will create the auto generated ruby code. Dont change anything on the auto generated code)
  • create the folder named “rb” and place the ruby_server.rb and ruby_client.rb
  • run server program first. $ruby ruby_server.rb (it will start the server)
  • then run the client program in new cmd prompt. $ruby ruby_client.rb


Protected: What I’ve did

This content is password protected. To view it please enter your password below:

Remove a remote Git branch and tags

Removing a branch from your remote repo is a little bit different from removing it locally. It’s all about the colon:


git push origin :heads/some-branch
git push origin :your_branch_name

removes some-branch from the remote repo (apparently git push origin :some-branch works as well).

This works for removing a tag as well:

git push origin :sometag

I found it in the git guides posting it here for *my* reference, and possibly other people as well.


Google Chrome Now on Linux

A fast new browser: Now available for Linux

Get Google Chrome (BETA)
It’s free and is installed in seconds

Download google chorme from


$ sudo dpkg -i google-chrome-beta_current_i386.deb

  • New! For Linux- (Debian/Ubuntu/Fedora/openSUSE)
  • Google Chrome runs websites and applications with lightning speed
  • Fast start-up- Google Chrome launches immediately.
  • Fast loading-Google Chrome loads websites quickly.
  • Fast search-Search the internet directly from the address bar

Ruby-LDAP (add, search)

LDAP in Ruby

To use LDAP in Ruby you have to use following gems. So Install the following gems.

  • sudo gem install net-ldap
  • sudo gem insall ruby-net-ldap

User Authentication against LDAP Directory Using Ruby

Example of a user-authentication against an LDAP directory:

require 'rubygems'
require 'net/ldap'

ldap = = your_server_ip_address
ldap.port = 389
ldap.auth "joe_user", "opensesame"
if ldap.bind
  # authentication succeeded
  # authentication failed

Search against LDAP Directory Using Ruby

Quick Example of a search against an LDAP directory:

require 'rubygems'
require 'net/ldap'

username = "cn=manager,dc=example,dc=com"
password = "xxxxxxxx"
host = #(or) host = (ipaddress)
ldap = :host => host,  :port => 389
ldap.auth username, password

filter = Net::LDAP::Filter.eq( "cn", "George*" )
treebase = "dc=example,dc=com" :base => treebase, :filter => filter ) do |entry|
  puts "DN: #{entry.dn}"
  entry.each do |attribute, values|
    puts "   #{attribute}:"
    values.each do |value|
      puts "      --->#{value}"

#puts  ldap.get_operation_result

Check out the rest of the documentation for pretty good examples. This is the library I recommend. In my situation, I’m using ruby-net-ldap to import data in to, manipulate and query data in an OpenDS LDAP server.

Making beautiful graphs with Ruby

I’m evaluating some charting tools (free) to be used with RoR web
application. Those should be easy to use and yet have some elegant
features. At the moment I’m using Open Flash chart. But I’m on
evaluating following

New source path for ruby gems

If you would had chance to view any ruby news in recent days , you would have come to know that github is no more going to host gems any-more. Ofcourse github will continue to host current gems (if I am not wrong that too for an year only)

Ok. No worries. From now onwards gemcutter is going to host ruby gems. so we all would need to update our ruby gem source path. commands to do so are as follows:

sudo gem update –system
sudo gem install gemcutter
gem tumble

This will add gemcutter as your primary RubyGem source. I think in near future all gems will be available at gemcutter, not rubyforge or github.
Follow above mentioned steps, to make sure you install proper version of gem.