Tagcakephp

Google Authenticator in CakePHP3.x

Google Authenticator gets a new wave of interest from the web community, trying to put an extra layer on top of user authentication process. There’s a plethora of plugins and components that let you authenticate with Google, but most of them aim to OAuth and Google+ integration. Two-step auth gets aside.

I took few hours on research for the simple 2FA library available on the net and found TwoFactorAuth that already support Google URI QR-codes, that can be easily embedded into any framework/application running on PHP.

CakePHP3.x Integration

With few minor modifications it nicely got integrated into CakePHP 3.x framework. If you’re using CakePHP 3.x, you can install ‘develop’ branch, of CakeDC/Users plugin, and enable two-factor authentication with few minor modifications.

 <?php
 //config/app.php or any other config file that suites your app
 Configure::write('GoogleAuthenticator.login', true);
 /*
 some other custom configs you might need
 'GoogleAuthenticator' => [
            //enable Google Authenticator
            'login' => false,
            'issuer' => null,
            // The number of digits the resulting codes will be
            'digits' => 6,
            // The number of seconds a code will be valid
            'period' => 30,
            // The algorithm used
            'algorithm' => 'sha1',
            // QR-code provider (more on this later)
            'qrcodeprovider' => null,
            // Random Number Generator provider (more on this later)
            'rngprovider' => null,
            // Key used for encrypting the user credentials, leave this false to use Security.salt
            'encryptionKey' => false
        ],
*/
?>

When you enable it the CakeDC/Users Google Authenticator feature, upon ‘/login’ you will ll be redirected to ‘/verify’, where you should insert your verification code from the mobile app (Google Authenticator for Android).

If you’re already sharing a secret key with the website/app, you won’t have to synchronize an app with it. Otherwise, you’ll have to scan it first, as it’s described in the documentation. QR-code will appear on the ‘/verify’ action of the app.

UPD: CakeDC/Users has upgraded the plugin to 4.x version, which enables Google Authenticator in the master repo.

Qobo: first month benchmark

It’s been already one month since I moved to Qobo Ltd, as a backend developer, so it’s about time to do some benchmarks on the work done.

Open-Source

The level of open source involvement of Qobo is enormous. All the projects I’ve been involved in before were always about open-source: it was either based on open-source, or using open-source solutions into some extend. Every time it ends up locking down the solutions for indoor use. It was either features the company didn’t want to share with the open-source community, or key business aspects that were crucial for competitive advantage. The story repeats over and over – the level of feedback to open source was minimal.

Contrarily, Qobo’s approach towards open-source is different. I didn’t do the exact measures, but it’s approximately 70-80% of code that goes to public repositories. Apart of advocating open-source within the company, we participate in other development communities, which helps us get things better. What’s the point of getting stuck with yet another closed-source plugin/module/library that others troubleshooted/patched and use everywhere. Examples? Well, it’s CakeDC community, CakePHP framework, WordPress, Bootstrap, and many others.

Side-effects of it:

  • You write better code (if you want to get things accepted in pull requests)
  • You stand on the shoulders of giants (community helps. Always)
  • Self-development (you’re not stuck with repetitive tasks)
Teams

Q: how many programmers does it take to change a light bulb?

A: none, that’s a hardware problem (c)

Small teams, dedicated to certain projects or split by the expertise in certain technology or business aspects. Mind blowing speed of deployment & accuracy. The most appropriate way of describing the social system and involvement in the projects would be meritocracy – “We do it, because we can”.

 

Chronos: CakePHP replacement for carbon

Chronos is a drop-in library replacement for nesbot/carbon.

It provides immutable date/datetime objects. Immutable objects help us to ensure, that DateTime objects aren’t accidentally modified.

<?php
require 'vendor/autoload.php';
use Cake\Chronos\Chronos;
printf("Now: %s", Chronos::now());
?>

CakePHP 3 adopts PSR-2

Recently read this article from James Watts:

By adopting PSR-2 we can remove or reduce the code we maintain related to enforcing coding standards.

As there are common tools, used by the rest of the community, to validate and revise CS issues, without requiring exceptions.

james watts

Looks like it’s the time to re-write our internal modules with PSR-2 standards in mind. If we want to share them with open-source community, of course

Cakephp 2.x: failing Phing using CakePHP testsuites

Digging todays deployment scripts on CI (Continuous integration) machine, I’ve noted that no matter how many Unit tests fail, phing still thought that builds were successful. Teetering on the brink of a heart attack, I’ve started checking stage machines, and production systems, to get the prove of concept. Thankfully, the number of failed tests wasn’t too big, and patches were added shortly, but the issue remained.

It appeared that ExecTask of Phing (no matter how the script is ran), will return success, unless you start comparing the values outside of it. Solution was pretty obvious, but took some time to go through the documentation of Phing/PHPUnit/CakePHP:

© 2018 Andy's Cave

Theme by Anders NorénUp ↑