Hi i am new to codeception unit testing and i am using it with Yii2. I know the user of functions expect_not() and expect_that() and also know little about expect() function and uses it to check key in error array.
However I don't know the use of expect_file(). I searched little in internet but found not any good help. can anyone please give me little description about the use of this function.
expect_file() is used to verify with assertions specific to file system objects. It has two parameters (one is optional).
If you call this function with a single parameter, it will be used as the Subject Under Test file name. if it is called with two parameters, will be used as a description to display if the assertion fails but if you if you call it with 0 or more than two arguments it will throw a bad method call exceptions.
You can use it like this
expect_file('filename.txt')->exists();
expect_file('filename.txt')->notExists();
BTW expect_file() is an alternate function for verify_file().
I'm trying to add user groups in my API developed using Luracast Restler using the example class "AccessControl" which implements the iAuthenticate class from Restler.
Files: https://gist.github.com/anonymous/d6a315d1f29dc7722b7d
The problem I'm having is with the method defined in AccessControl::__isAllowed() like so:
Resources::$accessControlFunction = 'AccessControl::verifyAccess';
AccessControl::verifyAccess is never called, so I can't use
$m['class']['AccessControl']['properties']['requires']
to read the requirements for the method being called in the API.
The token system I've added is simply a unique identifier based on a number of criteria which the user gets when a POST /user/token is processed with the correct information.
How can I make this work like it should? According to the docs for Restler, I should be able to have a method defined like I did and it should return a boolean value, like it does. But it never gets called, so...
Boy, do I feel stupid. Turns out I don't actually need the $accessControlFunction. I just had to use {#Requires ...} instead of {#requires ...} in my Test.php class.
Carry on, good people!
I have been experimenting in CakePHP with links and noticed that sometimes you just pass parameters and sometimes pass them with names prefixed. What is the difference between the two links:
$this->Html->link('Edit', array('controller'=>'users','action'=>'edit', $user['User']['id']));
$this->Html->link('Edit', array('controller'=>'users','action'=>'edit', 'id'=> $user['User']['id']));
The URL they create is largely irrelevant due to the routing capabilities, but in the first example I access the id directly in the controller method like:
public function edit( $id )
but for the named parameter I would have to physically pass it using the router!
Can anyone shed some more light on this? What the difference is and when to use each...
Also worth noting is that in CakePHP 3.0, they have removed named parameters which seems odd because BOTH links would still work... Any thoughts on this?
you dont have to pass named paramteres through the router.
they simply end up in
$this->request->named[...] // or
$this->request['named'][...]; // or
$this->request->params['named'][...]
they will be removed in favor of query string parameters: "?foo=bar&..."
which then will be (as already!) available via
$this->request->query('foo'); // >= 2.3
$this->request->query['foo']; // <= 2.2
etc
passed will also always be available via
$this->request->pass[...]; // or
$this->request['pass'][...]; // or
$this->request->params['pass'][...];
but that you could have all found out reading http://book.cakephp.org/2.0/en/controllers/request-response.html
the main difference between passed onces and named/query is that the latter are more exchangable whereas the passed onces due to their direct access in
public function xyz($one, $two, $three)
are more deeply integrated then and should be used for distinctive information passed.
the named/query ones don't have a specific order and are more like pagination and other fluent information.
for me passed parameters actually change the site (own canonical link etc) whereas the others don't do that and "canonical-link" back to the site without any named/query parameters (to avoid duplicate content on pagination etc).
I'm consuming a web service in PHP. If the service returns 2 or more records the object comes back as an array. However, if I call the same service that returns 1 record, the object is not an array. This makes for some messy logic having to watch for both cases when one would think PHP could be smart enough to handle this appropriately and always return an array of 1 element.
So my question is - is there a way to force the return object to always be an array? Some property in the call or something?
EDIT
I'm using PHP's soapclient library. The service is an in-house one that returns an array of a custom class.
you could try the following:
$client = new SoapClient("http://host/services/some.wsdl",
array('feature' => SOAP_SINGLE_ELEMENT_ARRAYS));
This should make php behave the way you want.
Also you might find this dotvoid article interesting.
HTH
im re-factoring php on zend code and all the code is full of $_GET["this"] and $_POST["that"]. I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery insteado of getGet).
So i was wondering if my method was safer/better/easier to mantain. I read in the Zend Framework documentation that you must validate your own input since the request object wont do it.
That leaves me with 2 questions:
What is best of this two? (or if theres another better way)
What is the best practice for validating php input with this methods?
Thanks!
I usually use $this->_request->getParams(); to retrieve either the post or the URL parameters. Then I use the Zend_Filter_Input to do validation and filtering. The getParams() does not do validation.
Using the Zend_Filter_Input you can do application level validation, using the Zend Validators (or you can write your own too). For example, you can make sure the 'months' field is a number:
$data = $this->_request->getParams();
$validators = array(
'month' => 'Digits',
);
$input = new Zend_Filter_Input($filters, $validators, $data);
Extending Brian's answer.
As you noted you can also check out $this->_request->getPost() and $this->_request->getQuery(). If you generalize on getParams(), it's sort of like using the $_REQUEST superglobal and I don't think that's acceptable in terms of security.
Additional to Zend_Filter, you may also use simple PHP to cast the required.
E.g.:
$id = (int) $this->_request->getQuery('id');
For other values, it gets more complicated, so make sure to e.g. quote in your DB queries (Zend_Db, see quoting identifiers, $db->quoteIdentifier()) and in views use $this->escape($var); to escape content.
You can't write a one-size-fits-all validation function for get/post data. As in some cases you require a field to be a integer and in others a date for instance. That's why there is no input validation in the zend framework.
You will have to write the validation code at the place where you need it. You can of course write some helper methods, but you can't expect the getPost() to validate something for you all by itself...
And it isn't even getPost/getQuery's place to validate anything, it's job is to get you the data you wan't, what happens to it from there on should not be it's concern.
$dataGet = $this->getRequest()->getParam('id',null);
$valid = new Zend_Validate_Digits();
if( isset($dataGet) && $valid->isValid($dataGet) ){
// do some...
} else{
// not set
}
I have always used the more phpish $this->_request->getPost('this') and $this->_request->getQuery('that') (this one being not so much logical with the getquery insteado of getGet).
What is best of this two? (or if theres another better way)
Just a quick explanation on the choice of getQuery(). The wording choice comes from what kind of data it is, not how it got there. GET and POST are just request methods, carrying all sorts of information, including, in the case of a POST request, a section known as "post data". A GET request has no such block, any variable data it carries is part of the query string of the url (the part after the ?).
So, while getPost() gets the data from the post data section of a POST request, getQuery() retrieves data from the query string of either a GET or POST request (as well as other HTTP Request methods).
(Note that GET Requests should not be used for anything that might produce a side effect, like altering a DB row)
So, in answer to your first question, use the getPost() and getQuery() methods, this way, you can be sure of where the data source (if you don't care, getParams() also works, but may include additional data).
What is the best practice for validating php input with this methods?
The best place to validate input is where you first use it. That is to say, when you pull it from getParams(), getPost(), or getQuery(). This way, your data is always correct for where you need it, and if you pass it off, you know it is safe. Keep in mind, if you pass it to another Controller (or Controller Action), you should probably check it again there, just to be safe. How you do this depends on your application, but it still needs to be checked.
not directly related to the topic, but
to insure that you get an number in your input, one could also use $var+0
(however if $var is a float it stays a float)
you may use in most cases
$id = $this->_request->getQuery('id')+0;