Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Shoulda Matchers provides RSpec- and Minitest-compatible one-liners to test common Rails functionality that, if written by hand, would be much longer, more complex, and error-prone.
📖 Read the documentation for the latest version. 📢 See what's changed in recent versions.
Start by including shoulda-matchers
in your Gemfile:
group :test do
gem 'shoulda-matchers', '~> 6.0'
end
Then run bundle install
.
Now you need to configure the gem by telling it:
If you're working on a Rails app, simply place this at the bottom of
spec/rails_helper.rb
(or in a support file if you so choose):
Shoulda::Matchers.configure do |config|
config.integrate do |with|
with.test_framework :rspec
with.library :rails
end
end
If you're not working on a Rails app, but you still make use of ActiveRecord or
ActiveModel in your project, you can still use this gem too! In that case,
you'll want to place the following configuration at the bottom of
spec/spec_helper.rb
:
Shoulda::Matchers.configure do |config|
config.integrate do |with|
with.test_framework :rspec
# Keep as many of these lines as are necessary:
with.library :active_record
with.library :active_model
end
end
If you're using our umbrella gem Shoulda, then make sure that you're using the latest version:
group :test do
gem 'shoulda', '~> 4.0'
end
Otherwise, add shoulda-matchers
to your Gemfile:
group :test do
gem 'shoulda-matchers', '~> 6.0'
end
Then run bundle install
.
Now you need to configure the gem by telling it:
If you're working on a Rails app, simply place this at the bottom of
test/test_helper.rb
:
Shoulda::Matchers.configure do |config|
config.integrate do |with|
with.test_framework :minitest
with.library :rails
end
end
If you're not working on a Rails app, but you still make use of ActiveRecord or
ActiveModel in your project, you can still use this gem too! In that case,
you'll want to place the following configuration at the bottom of
test/test_helper.rb
:
Shoulda::Matchers.configure do |config|
config.integrate do |with|
with.test_framework :minitest
# Keep as many of these lines as are necessary:
with.library :active_record
with.library :active_model
end
end
Most of the matchers provided by this gem are useful in a Rails context, and as such, can be used for different parts of a Rails app:
delegate
As the name of the gem indicates, most matchers are designed to be used in
"one-liner" form using the should
macro, a special directive available in both
RSpec and Shoulda. For instance, a model test case may look something like:
# RSpec
RSpec.describe MenuItem, type: :model do
describe 'associations' do
it { should belong_to(:category).class_name('MenuCategory') }
end
describe 'validations' do
it { should validate_presence_of(:name) }
it { should validate_uniqueness_of(:name).scoped_to(:category_id) }
end
end
# Minitest (Shoulda)
class MenuItemTest < ActiveSupport::TestCase
context 'associations' do
should belong_to(:category).class_name('MenuCategory')
end
context 'validations' do
should validate_presence_of(:name)
should validate_uniqueness_of(:name).scoped_to(:category_id)
end
end
See below for the full set of matchers that you can use.
subject
For both RSpec and Shoulda, the subject is an implicit reference to the
object under test, and through the use of should
as demonstrated above, all of
the matchers make use of subject
internally when they are run. A subject
is
always set automatically by your test framework in any given test case; however,
in certain cases it can be advantageous to override it. For instance, when
testing validations in a model, it is customary to provide a valid model instead
of a fresh one:
# RSpec
RSpec.describe Post, type: :model do
describe 'validations' do
# Here we're using FactoryBot, but you could use anything
subject { build(:post) }
it { should validate_presence_of(:title) }
end
end
# Minitest (Shoulda)
class PostTest < ActiveSupport::TestCase
context 'validations' do
subject { build(:post) }
should validate_presence_of(:title)
end
end
When overriding the subject in this manner, then, it's important to provide the correct object. When in doubt, provide an instance of the class under test. This is particularly necessary for controller tests, where it is easy to accidentally write something like:
RSpec.describe PostsController, type: :controller do
describe 'GET #index' do
subject { get :index }
# This may work...
it { should have_http_status(:success) }
# ...but this will not!
it { should permit(:title, :body).for(:post) }
end
end
In this case, you would want to use before
rather than subject
:
RSpec.describe PostsController, type: :controller do
describe 'GET #index' do
before { get :index }
# Notice that we have to assert have_http_status on the response here...
it { expect(response).to have_http_status(:success) }
# ...but we do not have to provide a subject for render_template
it { should render_template('index') }
end
end
If you're using RSpec, then you're probably familiar with the concept of example
groups. Example groups can be assigned tags order to assign different behavior
to different kinds of example groups. This comes into play especially when using
rspec-rails
, where, for instance, controller example groups, tagged with
type: :controller
, are written differently than request example groups, tagged
with type: :request
. This difference in writing style arises because
rspec-rails
mixes different behavior and methods into controller example
groups vs. request example groups.
Relying on this behavior, Shoulda Matchers automatically makes certain matchers available in certain kinds of example groups:
type: :model
or in files located under
spec/models
.type: :controller
or in files located under
spec/controllers
.route
matcher is available in routing example groups, i.e., those
tagged with type: :routing
or in files located under spec/routing
.As long as you're using Rails, you don't need to worry about these details — everything should "just work".
What if you are using ActiveModel or ActiveRecord outside of Rails, however, and you want to use model matchers in a certain example group? Then you'll need to manually include the module that holds those matchers into that example group. For instance, you might have to say:
RSpec.describe MySpecialModel do
include Shoulda::Matchers::ActiveModel
include Shoulda::Matchers::ActiveRecord
end
If you have a lot of similar example groups in which you need to do this, then
you might find it more helpful to tag your example groups appropriately, then
instruct RSpec to mix these modules into any example groups that have that tag.
For instance, you could add this to your rails_helper.rb
:
RSpec.configure do |config|
config.include(Shoulda::Matchers::ActiveModel, type: :model)
config.include(Shoulda::Matchers::ActiveRecord, type: :model)
end
And from then on, you could say:
RSpec.describe MySpecialModel, type: :model do
# ...
end
should
vs is_expected.to
In this README and throughout the documentation, you'll notice that we use the
should
form of RSpec's one-liner syntax over is_expected.to
. Beside being
the namesake of the gem itself, this is our preferred syntax as it's short and
sweet. But if you prefer to use is_expected.to
, you can do that too:
RSpec.describe Person, type: :model do
it { is_expected.to validate_presence_of(:name) }
end
Here is the full list of matchers that ship with this gem. If you need details about any of them, make sure to consult the documentation!
has_secure_password
.validates_absence_of
.validates_acceptance_of
.validates_confirmation_of
.validates_exclusion_of
.validates_inclusion_of
.validates_length_of
.validates_numericality_of
.validates_presence_of
.validates_comparison_of
.accepts_nested_attributes_for
macro.belongs_to
associations.enum
macro.has_and_belongs_to_many
associations.delegated_type
macro.implicit_order_column
.has_many
associations.has_many_attached
associations.has_one
associations.has_one_attached
associations.attr_readonly
macro.has_rich_text
associations.serialize
macro.validates_uniqueness_of
.normalize
macroencrypts
macro.params
hash.rescue_from
macro.session
hash.flash
hash.after_action
callback is defined in your controller.around_action
callback is defined in your controller.before_action
callback is defined in your controller.Over time our community has created extensions to Shoulda Matchers. If you've created something that you want to share, please let us know!
Have a fix for a problem you've been running into or an idea for a new feature you think would be useful? Take a look at the Contributing document for instructions on setting up the repo on your machine, understanding the codebase, and creating a good pull request.
Shoulda Matchers is tested and supported against Ruby 3.0+, Rails 6.1+, RSpec 3.x, and Minitest 5.x.
Shoulda Matchers follows Semantic Versioning 2.0 as defined at https://semver.org.
Shoulda Matchers is currently maintained by Pedro Paiva and Matheus Sales. Previous maintainers include Elliot Winkler, Gui Albuk, Jason Draper, Melissa Xie, Gabe Berke-Williams, Ryan McGeary, Joe Ferris, and Tammer Saleh.
Shoulda Matchers is copyright © Tammer Saleh and thoughtbot, inc. It is free and opensource software and may be redistributed under the terms specified in the LICENSE file.
This repo is maintained and funded by thoughtbot, inc. The names and logos for thoughtbot are trademarks of thoughtbot, inc.
We love open source software! See our other projects. We are available for hire.
FAQs
Unknown package
We found that shoulda-matchers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.