CakeDC Blog

TIPS, INSIGHTS AND THE LATEST FROM THE EXPERTS BEHIND CAKEPHP

Why an independent code review is important

Passbolt recently contacted us about doing a code review so we thought now would be a great time to share more about our code review process with you.

While in-house and peer reviews are important to maximise code quality, it is still incredibly important to get an independent third party to review your code - that is where CakeDC can step in.

Passbolt is a free, open-source, self-hosted password manager for teams that makes collaboration and sharing company account credentials within a team much easier. It's based on open security standards and uses OpenPGP to authenticate users and verify secrets server side. Passbolt consists of a server-side web app built in CakePHP, which provides a web interface and an API, and a Chrome extension for the client side.

The overall aspects that are reviewed in our code review include a review of quality, implementation, security, performance, documentation and test coverage.

When looking into quality, the team reviews whether the code follows CakePHP conventions and coding standards, and assesses overall coding quality. Overall, Passbolt’s code review revealed that CakePHP conventions and coding standards are largely followed; no concerns were detected.

Implementation outlines key issues with framework use and approach. It includes reviewing the code for framework usage, separation of concerns, and code reuse and modularity. Key recommendations are outlined at this point, and guidance is given on how to solve any issues. For the Passbolt review, bigger or concerning issues were uncovered, but improvements were recommended and outlined within the closing documentation.

The security portion of the code review deals with how secure the code is in terms of CakePHP usage. No security flaws were found in the Passbolt code review.

Our in-depth code review focuses on performance, specifically investigating any bottlenecks in the code base and database as well as index optimization.

For the full Passbolt code review results, check out the Code review results. Passbolt has also posted about their review; check out their post here.

If you or your company has a CakePHP application and you aren’t sure if it’s running at the optimum, then get in touch. Code reviews can offer insights and learning into how to improve your application.

Latest articles

15 Years of CakePHP

This April we will be celebrating 15 years of CakePHP! I can’t help but feel honored to have been a part of this framework, made lasting connections, and helped build up the community. As one of the founders of the CakePHP project, I want to express how excited I am about the positive progress that has taken place over the years. We started out with just a few core members, which got us pretty far. Looking back, it’s crazy to see how much our community has grown, and with all of the input, this project has become one of the longest developed PHP frameworks available today! Our community has always centered on going the extra mile in order to acquire the best results in every aspect.

This is not to say that some ups and downs have not hit us along the way in the last 14 years. Indeed, there have been bumps in the road, and some discussions regarding the route the project should take moving forward. Heck, there have even been some individuals who have opted to depart from the team. Other team members have decided to place their feelings down and their dedication in front at all times to work past disagreements in order for CakePHP to continue to evolve in the positive ways it has.

Each year, people with diverse visions are joining our core team, and the future for CakePHP is promising. The team is working harder than ever before to keep CakePHP in its reigning position, and promoting it in the open source world for it to continue to impress. Our goals are clear - and if we have anything to say about it, CakePHP is not going anywhere, anytime soon. Our team is certainly stronger and more determined to continue giving the project their all.

There are so many things that make the open-source community amazing - I mean think about it: people from different backgrounds, who speak different languages, and who have different beliefs come together and work jointly to attain a common goal. It’s pretty cool. I have worked with open-source software for more than 25 years. Even so, I am still amazed daily at what can be accomplished by such a diverse group of individuals. Actually, I think the rest of the world could take some notes from the open-source community and the benefits that come from people working together.

The friends that I have made in the open-source community throughout the years are way too many to name one by one, but I am grateful. This goes on to reflect my awesome experience with it, one that will always be present in my mind. I want to finally express to the CakePHP core team, the CakePHP community, and everyone I have had the pleasure and honor of working with at CakeDC, that I am extremely thankful for absolutely everything. Here is to 15 more years of CakePHP.

How To Get More Involved In Your Community

Ever wondered where you can find out more about a specific topic related to PHP, or find out new and exciting things happening in the PHP world? We’ve put together a list of useful links that will help you on your PHP journey!

 

Learn More 

CakePHP Training

The team at CakeDC sponsors monthly training - focusing on the following topics.
  • Standard CakePHP 4 Training Course
These interactive and live sessions offer you the opportunity to get involved, ask questions and learn more from the experts behind the framework.  

CakePHP Tutorials

The CakePHP cookbook (i.e. the documentation) includes several tutorials to help you along. These are a great way to learn more about typical CakePHP applications and to come to grips with how CakePHP is put together.

CakeFest - The annual CakePHP Conference

CakeFest, run over 4 full days, features 2 full workshop days led by the top CakePHP developers. The last two days showcase some of the top CakePHP speakers from around the world - join CakeFest to experience a jam-packed opportunity to increase your knowledge base and grow your community network.  

Stack Overflow

While not a traditional platform with courses or guided tutorials, Stack Overflow offers something better - real-life issues that others are facing, and how they have found a solution for them! You can really learn a lot by watching others.

PHP: The Right Way.

As a PHP developer, it can sometimes be difficult to find information that is both updated and helpful to your specific problem. PHP: The Right Way is an easy-to-read platform that you can use as a reference for popular and up-to-date coding standards, links to tutorials, and best practices. From the best practices through to resources, community groups and more, PHP: The Right Way should be on your frequently visited list.

Read More 

Blogs

There are many CakePHP related blogs out there - here are just a handful of the ones we find awesome!
  • https://www.dereuromark.de/tag/cakephp/
  • http://mark-story.com/
  • http://josediazgonzalez.com/
  • http://www.cakedc.com/articles

PHP Architect

PHP[architect] is a digital magazine solely focused on the world of PHP. From in-depth technical articles through to hosting training and organizing conferences, this is a great resource to grow your PHP knowledge base from.  

Listen More

Voices of the ElePHPant

Voices of the ElePHPant is a regular podcast interviewing PHP community members on a wide variety of topics. Cal Evans digs deep into what is keeping community members busy.

PHPUgly

Another podcast focused on the PHP community - hosted by @shocm, @realrideout, and @johncongdon.

Discover More

Awesome CakePHP

Run by the Friends of Cake, the awesome CakePHP list is a curated list of plugins, resources and other interesting CakePHP links.

Awesome PHP

There are many curated lists of PHP libraries and resources - here are just a few that we think you would find interesting.
  • https://github.com/ziadoz/awesome-php
  • https://php.libhunt.com/

The PHP League

A group of developers joined forces to create The League of Extraordinary Packages - where they build solid, well-tested PHP packages using modern coding standards.

Packagist 

Packagist helps you to find packages and lets Composer know where to get the code from. Check out download stats or publish your own package.

Do you have more to add to this list?

CakeDC/Users 9.x Easy migration from AuthComponent

In a previous article, we talked about version 9.x of the CakeDC/Users plugin, which is compatible with CakePHP 4 and with the cakephp/authentication and cakephp/authorization plugins; we recommend you check it out. In this article we will demonstrate how to migrate your code from AuthComponent. Before we continue, it is important to remember some things:

  • Authentication and Authorization are performed at the middleware layer
  • Authorization is configured to work with Rbac (config/permissions.php)
  • The migration guide `8.x-9.0` is available for additional information
  • 9.x version is for CakePHP 4

Replacing AuthComponent::allow, also known as public actions

For many applications it is normal to have public actions that do not require a user login. Previously this was possible with AuthComponent::allow; now the authorization check step is done in the middleware layer and is part of RBAC by default. You will need to move these permissions to your config/permissions.php, but don’t worry, because this migration is very simple. For example, to enable the `index` and `view` actions you needed to have this code in your `ArticlesController`:

```php
/**
 * @inheritDoc
 */
public function initialize()
{
    parent::initialize();
    $this->Auth->allow(['index', 'view']);
}
```

In this new version we don't need to call Auth->allow; instead we just have to include a permission of type 'bypassAuth' in config/permissions.php:

```php
[
    'controller' => 'Articles',
    'action' => ['index', 'view'],
    'bypassAuth' => true,
],
```

Check a sample permissions file at: https://github.com/CakeDC/users-example/blob/9.next-basic-with-custom-username/config/permissions.php

Don’t forget to remove this snippet from your controller:

```php
$this->Auth->allow(['index']);
```
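Because a `bypassAuth` rule removes the login requirement for every request it matches, it is worth checking that each one names its public actions explicitly. The script below is an added example, not code from the plugin or from the original article: it flags `bypassAuth` rules whose `controller` or `action` is a wildcard. The function name `auditBypassRules`, the sample rules, and the treatment of `'*'` as the wildcard value are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Constructed sample rules, in the shape of the config/permissions.php entry shown above.
$rules = [
    // Narrow: two named public actions on one controller.
    ['controller' => 'Articles', 'action' => ['index', 'view'], 'bypassAuth' => true],
    // Broad: every Articles action, including any add/edit/delete, becomes public.
    ['controller' => 'Articles', 'action' => '*', 'bypassAuth' => true],
    // Broad: the index action of every controller becomes public.
    ['controller' => '*', 'action' => 'index', 'bypassAuth' => true],
    // Ordinary role rule: login is still required, so it is not audited here.
    ['role' => 'user', 'controller' => 'Articles', 'action' => ['add', 'edit'], 'allowed' => true],
];

/**
 * Return one finding per bypassAuth rule field that contains a wildcard.
 * Assumption: '*' is the wildcard value for the controller and action fields.
 *
 * @param array<int, array<string, mixed>> $rules
 * @return string[]
 */
function auditBypassRules(array $rules): array
{
    $findings = [];
    foreach ($rules as $index => $rule) {
        if (empty($rule['bypassAuth'])) {
            continue; // only rules that skip authentication are of interest
        }
        foreach (['controller', 'action'] as $field) {
            // A field may hold a single string or a list of strings.
            $values = (array)($rule[$field] ?? []);
            if (in_array('*', $values, true)) {
                $findings[] = sprintf('rule #%d: bypassAuth with wildcard %s', $index, $field);
            }
        }
    }

    return $findings;
}

$findings = auditBypassRules($rules);
foreach ($findings as $finding) {
    echo $finding, PHP_EOL;
}
// A non-zero exit status lets a CI job fail when a broad bypass rule is present.
exit($findings ? 1 : 0);
```

To audit a real application, replace the constructed `$rules` array with the rules loaded from your own permissions file.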

Replacing AuthComponent::user

Your application probably uses the AuthComponent::user method in at least one place; in fact, it should be the method that you use the most from this component. The good news is that the migration here is the easiest, because instead of using this method, we will obtain the user data from a request attribute. If you had something like this:

```php
// Get all user data
$user = $this->Auth->user();
// Get the user id
$userId = $this->Auth->user('id');
```

Now you can get the user (identity) data this way:

```php
$user = $this->getRequest()->getAttribute('identity');
$userId = $user['id'] ?? null;
// OR
$userId = $this->getRequest()->getAttribute('identity')['id'] ?? null;
```

Be careful with direct access from session data

Avoid accessing user data directly from the session. The session will only return the user data after the authenticator has persisted it, and this may not have happened yet when you try to read from the session.

Additional information

In the previous version we used the `Auth` configuration to customize the Auth component; now we have specific configurations to be used in the authentication and authorization process related to the new plugins. For example, `Auth.Authenticators` and `Auth.Identifiers` provide the information needed to set up authentication to work with Form, Token, Cookie (Remember Me) and Social (when enabled).

Form Authentication with email

One of the most common needs for user login is the ability to change the fields used for login via the form. The default behavior allows login by username or email, but let's assume you want to restrict login to email only. You can do it by including the following in your config/users.php file:

```php
'Auth.Identifiers.Password.fields.username' => 'email'
```

You can get a sample app at https://github.com/CakeDC/users-example/tree/9.next-basic-with-custom-username

That’s all for today

In the plugin's documentation you can find more information about the available configurations, and please be sure to check the migration guide if you have not already: https://github.com/CakeDC/users/blob/9.next/Docs/Documentation/Migration/8.x-9.0.md. The Auth component's migration shouldn't be very complicated, as our idea for the plugin was to offer you a set of default configurations to make it easier to use. If you have a config/users.php file, it is recommended to compare it with the new users.php file from the plugin. That’s all for today. Are you using the new version? Have suggestions for new features? Tell us what you think.
