We live inside now

Everyone is inside because of COVID-19. We live in interesting times. So far, I’m still programming from home as normal, despite a lot of big changes for everyone else in the business where I work.

TOTP is a time-based one-time password algorithm

Our Magento sites have two-factor authentication on the admin login screens, and it is only required outside the office network. If you’re at home, you need your username, your password and a code which changes a few times every minute.

Everyone in the business who’s now working from home, but who didn’t in the past, needs to be running an app on their phone to get those codes. When you set that up a few times, especially for other people, you hit every known problem with TOTP.

For example, you spend a long time working out why the code isn’t working, only to realise that the user is trying the wrong password. It’s common for users not to know their passwords (and not to know that they don’t know them) when they’re accustomed to using browser auto-fills.

Or: another user’s mobile phone clock was off by 36 seconds, so the generated codes were wrong. Visiting time.is from the device helps; it shows how your own clock compares to that of an atomic clock, somewhere, and it (the website, not the atomic clock!) will apparently “normally have a precision of 0.02-0.10 seconds”. Fix the time on their phone, and all is well.
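The 36-second case can be reproduced offline. The following is an added example, not code from this post or from Magento: it assumes the RFC 6238 defaults (30-second step, 6 digits, HMAC-SHA1), and the secret and timestamps are constructed. It measures how often a phone running 36 seconds fast is accepted when the server checks 0, 1 or 2 neighbouring time steps.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (RFC 6238 default; an assumption, not stated in the post)
DIGITS = 6

def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time) // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, server_time: float, window: int = 0):
    """Return the matching step offset in -window..+window, or None if none match."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, server_time + drift * STEP)
        if hmac.compare_digest(candidate, code):   # constant-time comparison
            return drift
    return None

def acceptance_rate(secret: bytes, skew: int, window: int,
                    start: int = 1_585_000_000) -> float:
    """Fraction of logins accepted across one full step when the phone is `skew` s off."""
    accepted = sum(
        verify(secret, totp(secret, t + skew), t, window) is not None
        for t in range(start, start + STEP)
    )
    return accepted / STEP

if __name__ == "__main__":
    secret = b"constructed-demo-secret"            # constructed sample value
    for window in (0, 1, 2):
        rate = acceptance_rate(secret, skew=36, window=window)
        print(f"window=+/-{window} steps: {rate:.0%} of attempts accepted")
```

With a skew larger than one step, a server that checks only the current step rejects every attempt, and one that checks a single neighbouring step still rejects some of them, which looks like an intermittent fault to the user. Every extra step the server accepts also lengthens the time a given code stays valid, so correcting the phone's clock is the better fix.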

SOAP, Python and Zeep

Everyone’s talking about soap at the moment, but I’m talking about SOAP.

I migrated one of our shipping carrier integrations from one SOAP API to another. The Zeep Python library and the service’s WSDL URL meant that I didn’t have to spend too much time looking at raw XML.

But let’s be honest: I still don’t fully understand how SOAP works, even though this particular integration is now up and running smoothly.

Debugging outbound mail from your web application

If you’re a developer, this is one of those things you’ve either been doing forever, or one of those things you will want to do forever.

When you’re running a dev environment, you need to see which emails come out of it, without actually sending them to anyone. MailCatcher can help.

First, you tell your application to connect to MailCatcher instead of connecting to an SMTP server whenever it’s time to send an email. The outgoing emails are intercepted and presented in a simple web interface, ready to read and debug.

I can’t speak to its usefulness in testing the layout or design of the emails, but it certainly makes it easier to debug their content or to verify that they’re definitely being sent in the first place.

What’s even more important: if you do have any real email addresses in your development environment, it helps you avoid sending emails to real people by mistake.

I run Docker dev environments, so I added a new container to each of them based on an existing MailCatcher image I found on Docker Hub.

I have large SQL scripts for each Magento website which I use to sanitise the production data before loading it into my dev database. I adjusted those scripts, adding a few simple queries to point Magento’s SMTP settings to the MailCatcher containers.

Now, when I pull data from production to development, it gets sanitised and the outgoing emails get routed to MailCatcher without me having to think about it.

It’s nothing too new or shiny, but it’s one of those changes that sticks around in dev envs for years; one less fiddly distraction to worry about in numerous ongoing projects.

Who doesn’t dislike Magento 1.x upgrades?

Magento 1 is almost end-of-life but many merchants are still running it and making various plans to keep running it securely after the deadline. The move to Magento 2, or another platform entirely, is a big project, especially if you’ve built a lot of bespoke modules, integrations and theme changes on top. Even if you’ve done it the right way, without modifying the core.

In the meantime, we still see an occasional version bump within Magento 1.

Ahead of a move to PHP 7.2 (long overdue), I’m upgrading from 1.9.0.1 to 1.9.4.3. It’s a time-consuming process, but I was pleased to see that it’s not just me who feels that way.
