Preparing for an upgrade to Rails 4.0

There are a number of steps you can take to prepare an app for an eventual upgrade to Rails 4.0. Taking these steps now will simplify the upgrade later.

1. Upgrade everything else possible

It seems simple, but upgrade everything else possible first. This means ensuring you’re on Ruby 1.9.3 or 2.0.

Update as many other gems as possible too.

bundle outdated may be a helpful tool. Just know that it lists all potential upgrades, not just upgrades that are compatible with your existing Rails 3.2 stack. (For example, it will list the Rails 4 gems.)

2. Move to strong_parameters

Rails 4 ditches attr_accessible/attr_protected in the models and replaces them with controller-based handling. This has the benefit of letting each controller handle things individually. The new format looks something like this:

1params.require(:user).permit(:username, :password)

This new way of handling the params hash is available as a standalone gem for Rails 3.2: strong_parameters.

It’s a fairly easy change to make ahead of time. After using the new style, I happen to prefer it over the old way – you might too.

3. If you use ActiveRecord, change all scopes to lambdas.

Old style:

1scope :is_active, where(active: true)


1scope :is_active, ->{ where(active: true) }

Or if you’re more comfortable with the older Ruby syntax:

1scope :is_active, lambda{ where(active: true) }

Anything that was already a lambda stays as is.

4. Tidy up RegExp’s

Technically speaking, anchoring to the beginning of a string in a Regexp should use \A not ^. Likewise, anchoring to the end should use \z instead of $.

If you’re dealing with input that’s known to be at least somewhat sane, ^ and $ are fine – and visually a little cleaner.

However, ^ and $ only anchor to the beginning of a line within a string. When dealing with user-provided input, this is not good (nor sufficient).

Rails 4 now enforces better behavior for all validation strings so as to avoid careless mistakes.

So this:

1validates_format_of :alphabet, with: /^abc.*xyz$/


1validates_format_of :alphabet, with: /\Aabc.*xyz\z/

It may be worthwhile to search your entire code base for /^ and $/ (not just app/models/*.rb) as an incorrect RegExp could potentially have security implications for your app.

5. Update routes.rb

Rails 4 places new restrictions on the match method in routes.rb.

Search routes.rb for match. For each occurance, if it only needs to allow a single HTTP verb, just change it to get, post, put, or delete.

If it needs to allow multiple verbs, then explicitly list them using :via:

1match '/contact', via: [:get, :post]

6. Ensure your test suite passes

If you have tests, make sure they’re not broken before you even start.

If there are a few holes in your test suite, now might be a good time to plug them.

If you don’t have a test suite, ideally you’d consider writing one now. But that’s pretty unrealistic, so just prepare to spend some extra time exercising the various parts of your app when you do the Rails 4 upgrade. If you have any particularly fragile parts of your app, it might be worth considering writing a few tests for those areas.

tags: rails, rails4