PHPUnit Upload file testing

Testing file upload using phpunit can be challenging. Below are two ways you can test file uploads in phpunit integration tests.

When you’re testing an API with file upload, API Payload and File Payload must be sent separately.

Using fake file:

public function testUpload()
{
    $fileData = [
        'attachment' => UploadedFile::fake()->create('fakefile.pdf', 100)
    ];    

    $data = [
        'first_name' => 'John',
        'last_name' => 'Doe',
    ];    

    $url = 'http://localhost/upload';    

    $this->call(
      'POST', 
      $url, $data, [], $fileData, 
      $this->transformHeadersToServerVars([
        'Authorization' => 'Bearer xxxx'
      ])
    );    

    $this->assertResponseOk();
}

Using Original/Real file:
Here UploadedFile function has 6th parameter called testing which needs to be set true.

public function testUpload()
{
    $filePath = storage_path('realfile.pdf'); 

    $fileData = [
        'attachment' => new UploadedFile($file, null, null, null, null, true); 
    ]; 

    $data = [
        'first_name' => 'John',
        'last_name' => 'Doe',
    ];    

    $url = 'http://localhost/upload';    

    $this->call(
      'POST', 
      $url, $data , [], $fileData, 
      $this->transformHeadersToServerVars([
        'Authorization' => 'Bearer xxxx'
      ])
    );    

    $this->assertResponseOk(); 
}

High-Performing Teams

Further Research to be done:
– Accountability vs Responsibility among Agile Team & the manager?

Resources:
https://www.personneltoday.com/hr/five-principles-of-high-performing-teams/
https://www.adventureswithagile.com/2017/09/25/model-high-performing-teams/

PHP Performance Monitoring using Xdebug Profiler

Installation:
If you are using docker for your development add below in your php.ini file:

zend_extension="/usr/lib/php/20160303/xdebug.so"
xdebug.remote_enable=1
xdebug.remote_handler=dbgp
xdebug.remote_port=9001
xdebug.remote_autostart=1
xdebug.remote_connect_back=0
xdebug.idekey=PHPSTORM
xdebug.remote_host=<YOUR_NETWORK_IP>
xdebug.profiler_enable_trigger=1
xdebug.profiler_enable=0
xdebug.profiler_output_dir="/var/www/storage/logs"

Now when you execute your API add below as a query parameter:

Example: http://localhost:8080/test?XDEBUG_PROFILE=1

If you enable profiler as default your php scripts will run very slow. So only use it when you need it.

Useful Links:

https://stackoverflow.com/questions/8077993/can-i-manually-say-on-xdebug-profiler-to-start-profiling-in-specific-place

Git Tips – Cherry Picking using SourceTree

When there is a situation where you want to get only the changes or lines of code from some branch but not merge the whole branch, you can make use of cherry pick.

Lets say there was a bug in production and somebody in your team fixes that bug in there branch and commits it. You can cherry pick those lines of code (to be specific its all code from the last commit).

In below example: we are checkout in production branch and we are cherry picking the commit called “document and allocation export issue fixed” from KEY-1978 to production.

Securing REST APIs

  • Remember to hide your client credentials by making the auth request in a proxy
  • Save the refresh token in a HttpOnly cookie to minimize the risk of XSS attacks

OAuth grants

OAuth let’s you authenticate using different methods – these methods are called grants.

Grant typeUsed for
Client CredentialsWhen two machines need to talk to each other, e.g. two APIs
Authorization CodeThis is the flow that occurs when you login to a service using Facebook, Google, GitHub etc.
Implicit GrantSimilar to Authorization Code, but user-based. Has two distinct differences. Outside the scope of this article.
Password GrantWhen users login using username+password. The focus of this article.
Refresh GrantUsed to generate a new token when the old one expires. Also the focus of this article.

References

http://esbenp.github.io/2017/03/19/modern-rest-api-laravel-part-4/