Digital Craftsman

php

Remove array element by value in PHP

With collection types like those provided in Doctrine you have methods like removeElement(). When using plain arrays we unfortunately don't have those useful helper functions. What we can use though is a combination of array_search and unset: if (($key = array_search($id, $arrayToClean, true)) !== false) { unset($arrayToClean[

php

Remove JWT refresh token on logout in Symfony

Using JWT has a few advantages when working with SPAs, but also a few security disadvantages. One of them is that (depending on the implementation) with only a refresh token you can initiate a new session. This is especially problematic if it's not cleared after logout which is

php

Blackfire Setup with MAMP Pro

Blackfire is kind of a profiler for pro users and MAMP Pro is used mostly for starters. But that doesn't mean that you're not a pro when using MAMP or that Blackfire is only useful for "professionals". It only means that there are not

node

Increase node memory limit for build

When running bigger applications you might run into the memory limit of node. I had that issue recently with an Angular application. Usually the build process is triggered through npm run build and the build process is defined in the package.json the following way: "scripts": { ... "build&

security

Improve JWT security with single use refresh token

One of the security issues with JWT is the refresh token used to generate a new JWT. Once an attacker gets access to the refresh token, he can use the it to generate as many tokens as he wants until the refresh token expires. An improvement here is a feature

mysql

Select for empty JSON array in MySQL

Should be as simple as NOT list = '[]', but of course it's not. There is a separate JSON function for it called JSON_LENGTH with which we can check it: SELECT id FROM users WHERE NOT JSON_LENGTH(roles) = 0

php

Manually check if password is valid in Symfony

Just using the same encoder, encoding a plain password and matching those two against each other seams the logical solution, but doesn't work as the hash won't be exactly the same depending on the hashing algorithm and salt used. Let's start with something easier,

php

Prevent XSS through HTML sanitization with HTML purifier

Sanitizing of HTML content from a user is one of the most important parts to secure an application against XSS attacks. In PHP you can use a simple strip_tags() call with a whitelist. But there are more sophisticated solutions like the following. With the HTMLPurifier library you can not

php

Generate file name including german umlauts in PHP

I build a download for a file where the filename is not the original one but should be dependent on the project name. But those projects contains special characters, so I needed a smarter function then just "remove spaces". I came up with the following: public function sanitizeFileName(

console

Zip file with password on Mac

Recently I wanted to send a zip file with a password for sending confidential data to a colleague. But I didn't want to download a separate app for it. Luckily there is a easy command line tool for it called - I could have guessed - zip with

testing

Keep local storage in Cypress

When using cypress for tests, your session and local storage data will be cleared after every test. This is a good default, but might make the tests slower as the login is one of the slowest part of most applications (as the password hashing in the background takes a lot

security

Slow user creation because of password generation in fixtures

Creating user for tests can be really time consuming due to the password hashing. This is no accident. The hashing has to be slow. This is no bug, but a feature. Slow in creation also means slow to crack. Creating things like rainbow tables is way more expensive this way.

symfony

Cors Listener in Symfony backend

When working with a frontend and backend on different domains I run into issues with the cors headers. Here's a way to solve them for a Symfony backend. A setup might look like the following: * www.awesomeproject.tld (Your Website - Frontend) * app.awesomeproject.tld (Your API -

console

Jump to beginning of line in iTerm

When working with iTerm or a console in general I hate it that I can't jump words forward or backwards with ALT + Arrow keys. Now I found a way to do this. And it's so simple I just didn't know the term "Natural

symfony

Serialize null as undefined with Symfony serializer

There are two popular packages when for serialization when working with Symfony or with PHP in general. One serializes null as undefined and one as null. The one serializing it as undefined by is the JMS serializer [https://jmsyst.com/libs/serializer]. Both packages are getting faster and depending on

phpunit

To many open files in PHPUnit

Running bigger projects with more moving components leads to more files being used at one time by the system. This is in issue for example when running PHPUnit. An error message you might get is: failed to open dir: Too many open files The amount of files you can have

doctrine

Use inner join in doctrine query builder

Usually all joined entities are automatically joined and returned by Doctrine. Depending on the fetch (EAGER or LAZY). This is done directly or not. But when you want to filter depending on joined columns, you have to join manually. You can use strings for this or use the constants provided

css

Overflow text with dots in CSS

When using a column layout and are not controlling the content, it can happen, that the content get's too long and kills the layout. To prevent this you can cut the content and still make this apparent to the user. .overflow-dots { overflow: hidden; text-overflow: ellipsis; white-space: nowrap; width:

doctrine

Define default value in Doctrine annotation

Setting defaults on the database level makes a lot of sense to prevent the chance of issues arising in the application. Having the configuration for it in the Doctrine annotations makes things easier because you can also automatically generate migrations for it. In MySQL the keyword to use is DEFAULT.

php

Run only one test in PHPUnit

While writing your tests, you of course don't want to run your whole test suite again and again to check if one tests runs through. There are ways to group tests with @group annotations and ways to run just one file by suppling the path to the file.

mysql

Truncate table with foreign key constraints

When handling MySQL migrations or other testing instances on databases you often want to delete data from the database. But of course your applications uses constraints. Why wouldn't it, it makes the application development way safer. But it's annoying while doing the testing. So when you&

symfony

Catch all routing in Symfony

When building single page applications, I still base them on top of symfony as I want to use the Symfony profiler. The whole routing should still take place in the frontend, so I want to redirect all routes to the frontend except those starting with /api. To archive this I&

php

Filter array content with whitelist in PHP

Request validation in PHP is quite easy. There are awesome libraries like beberlei/assert. But most functions are geared towards validating if a specific content is available and in the right format. But what if you want to protect against additional attributes being send. For example if you want to

monitoring

API Monitoring with Postman collection runner (Newman)

Postman is a great tool for API development, but I also use it to do part of my monitoring. The guys from Postman offer a monitoring service, but it's quite pricy if you have a lot of API endpoints and want to run it frequently. With newman [https:

security

Generate a new JWT public and private key

JSON Web Tokens are becoming more and more common in single page applications and I'm also using them in multiple projects. But I also forget how to generate a new token (private and public keys). Which is a common task as you should have a different token in