PHP: Testing protected methods in CakePHP3

One of the things I recently had to deal with – unit testing protected methods of the class. Few seconds of checking StackOverflow brought a nice and elegant way of checking protected methods using ReflectionClasses. Sebastian Bergmann has a complete guide on how to check non-public functionality of the classes in his archieves.

Here’s a short sample of the code using CakePHP3:


 use Search\Model\Table\SaveSearchTable;
 use Cake\TestSuite\TestCase;
 class SaveSearchTableTest extends TestCase
    public function setUp()
        $this->SavedSearches = \Cake\ORM\TableRegistry::get('SavedSearches');
    public function testProtectedMethod()
        $methodName = 'protectedMethod';
        $reflectionClass =  new \ReflectionClass('\Search\Model\Table\SaveSearchesTable');
        $method = $reflectionClass->getMethod($methodName);
        $methodResult = $method->invokeArgs( $this->SavedSearches, [


WP-CLI moves to

Great news to the WordPress community and those who spend most of their time in the console. WP-CLI after reaching 1.x stable moves to No more weird sftpd/vsftpd installations, wp-cli gets officially recognized as a community tool for upgrades that might come handy with composer bundle as we do it in Qobo for WordPress project templates.

Silver Searcher: ack but faster

As a frequent user of grep/ack for the codebase, ag seems to be a silver bullet, especially for the projects with large codebase. Available in rpm repositories.

What’s so great about Ag?

  • It is an order of magnitude faster than ack.
  • It ignores file patterns from your .gitignore and .hgignore.
  • If there are files in your source repo you don’t want to search, just add their patterns to a .ignore file. (*cough* *.min.js *cough*)
  • The command name is 33% shorter than ack, and all keys are on the home row!

CakeDC upgrades users plugin with Google Authenticator

Few days of work, and almost a month of waiting, but it was totally worth it. Yesterday noon, CakeDC community upgraded one of its major plugins, with our Qobo patch, that allows users to enable Google Authenticator functionality I wrote about previously. There’s no need anymore to use ‘dev-develop’ branches in composer.


Google Authenticator in CakePHP3.x

Google Authenticator gets a new wave of interest from the web community, trying to put an extra layer on top of user authentication process. There’s a plethora of plugins and components that let you authenticate with Google, but most of them aim to OAuth and Google+ integration. Two-step auth gets aside.

I took few hours on research for the simple 2FA library available on the net and found TwoFactorAuth that already support Google URI QR-codes, that can be easily embedded into any framework/application running on PHP.

CakePHP3.x Integration

With few minor modifications it nicely got integrated into CakePHP 3.x framework. If you’re using CakePHP 3.x, you can install ‘develop’ branch, of CakeDC/Users plugin, and enable two-factor authentication with few minor modifications.

 //config/app.php or any other config file that suites your app
 Configure::write('GoogleAuthenticator.login', true);
 some other custom configs you might need
 'GoogleAuthenticator' => [
            //enable Google Authenticator
            'login' => false,
            'issuer' => null,
            // The number of digits the resulting codes will be
            'digits' => 6,
            // The number of seconds a code will be valid
            'period' => 30,
            // The algorithm used
            'algorithm' => 'sha1',
            // QR-code provider (more on this later)
            'qrcodeprovider' => null,
            // Random Number Generator provider (more on this later)
            'rngprovider' => null,
            // Key used for encrypting the user credentials, leave this false to use Security.salt
            'encryptionKey' => false

When you enable it the CakeDC/Users Google Authenticator feature, upon ‘/login’ you will ll be redirected to ‘/verify’, where you should insert your verification code from the mobile app (Google Authenticator for Android).

If you’re already sharing a secret key with the website/app, you won’t have to synchronize an app with it. Otherwise, you’ll have to scan it first, as it’s described in the documentation. QR-code will appear on the ‘/verify’ action of the app.

UPD: CakeDC/Users has upgraded the plugin to 4.x version, which enables Google Authenticator in the master repo.

Vim: statusline and git customizations

Working with lots of projects at the same time in, I started to get confused on which branch I’m currently working.

Going back to the terminal, to check the diffs and commits, became a time waste in my daily routine, so I took a break during lunch, to get my vim plugins an upgrade. The catch of the day is the following:


Vim-Airline is a powerful status/tabline facelift of a default statusline with lots of customizations, and useful information on the files you work with. It nicely fits solarized theme, has color shift on different modes:

vim-airline demo
vim-airline with solarized theme enabled

Vim-gitgutter – is currently my favorite. The plugin identifies on-the-fly differences in the files you’re working in.

gitgutter diff
gitgutter diff with numbers on

And last, but not the least for today – git wrapper for vim – vim-fugitive. It comes very useful with its set of git commands that you can access directly from vim, for example:

* :Gblame - now you can blame yourself in all the bugs
* :Gstatus - what's the status?
* :Gbrowse - redirects you to repositories file in github/bitbucket
* :Gcommit - let the fun begin

And just to complete the list of cools stuff, I must mention tagbar, that I’ve been using for long time, and its phpctags addon, that can make your life easier with better PHP support.

To summarize it all, a bit of editors fun from Twitter:

Definition of “done”

It’s been a long way for the definition to get to this blog post, so i’ll choose the one which favors the most, meanwhile its revision history:

An example Story definition of done would look like this.

  1. All story should have automated acceptance test.
  2. The story should have working code supported by unit test that provide around 60 – 70 percent coverage.
  3. The story should have well defined acceptance criteria.
  4. The code must have been written as a pair or should be code reviewed.
  5. Code must be completely checked in to the source control system and the build should pass with all the automated tests running.
  6. The product owner must accept the story.
Sprint Definition of done:
  1. Product owner should have defined a sprint goal.
  2. All stories completed for the spring must be accepted by the product owner
  3. All the automated acceptance tests should be running for the stories in the sprint.
  4. All code should have been pair programmed or must have gone thorough a code review process.
  5. If there is a database involved, the database scripts must have been automated and tested.
Release Definition of done
  1. Product is deployed to the test box and makes it to staging
  2. Product has a formal release date.
  3. There are deployment documents for the release
  4. Training manuals are available for users.
  5. All stories for the release are completed and accepted.
  6. The release does not have any level one bugs.



PHP: Array vs ArrayObject benchmarking

Some measurements on Arrays vs ArrayObjects found among gist users. Just going to bring it here, in case gist dissappears.

# php -v
PHP 5.3.6 (cli) (built: Mar 17 2011 20:58:15)
Copyright (c) 1997-2011 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2011 Zend Technologies

# echo '<?php $s = array(); for($x=0;$x<1000;$x++){ $s[] = array("name"=>"Adam","age"=>35); }; echo memory_get_peak_usage(); ' | php

# echo '<?php $s = array(); for($x=0;$x<1000;$x++){ $o = new ArrayObject; $o->name = "Adam";  $o->age = 35;  $s[] = $o;} echo memory_get_peak_usage(); ' | php

# time echo '<?php $s = array(); for($x=0;$x<100000;$x++){ $o = new ArrayObject; $o->name = "Adam";  $o->age = 35;  $s[] = $o;} echo memory_get_peak_usage(); ' | php
real    0m1.448s
user    0m1.208s
sys     0m0.231s

# time echo '<?php $s = array(); for($x=0;$x<100000;$x++){ $s[] = array("name"=>"Adam","age"=>35); }; echo memory_get_peak_usage(); ' | php
real    0m0.525s
user    0m0.429s
sys     0m0.092s

We can conclude the following at least in PHP 5.6:

  • Winner for Speed: Arrays are faster than objects (with undefined or defined properties)
  • Winner for Memory: Objects with defined properties use less memory, 50%+ less than objects with undefined properties, only slightly less than Arrays

Ordered Fastest to Slowest in Speed for 100,000 items:

  • 0.107s – Arrays
  • 0.163s – Objects with undefined properties
  • 1.190s – Objects with defined properties

Ordered Least to Most Memory Usage for 1,000 items:

  • ~583kb – Objects with defined properties
  • ~807kb – Arrays
  • ~1.1mb – Objects with undefined properties