| Ruby |
Rubyタグが付けられた新着投稿 - Qiita |
deviseに自動的に設けられているバリデーション |
https://qiita.com/Q-junior/items/174373ab44bb6c2b011a
|
suserrbclassuserltapplica |
2022-04-08 23:39:50 |
| AWS |
AWSタグが付けられた新着投稿 - Qiita |
Amazon FSx for NetApp ONTAPをAmazon EKSのPersistentVolumeのバックエンドストレージとして使ってみた(本編) |
https://qiita.com/seijitanabe/items/c6c91eacaa89dcba2864
|
amazoneks |
2022-04-08 23:25:59 |
| Docker |
dockerタグが付けられた新着投稿 - Qiita |
【Docker】Next.jsの環境構築 |
https://qiita.com/P-man_Brown/items/bf2a7304eba5a54712bb
|
docker |
2022-04-08 23:18:24 |
| 技術ブログ |
Developers.IO |
GitHub Actionsでsetup-node actionを使って依存関係をキャッシュする |
https://dev.classmethod.jp/articles/caching-dependencies-in-workflow-execution-on-github-actions/
|
githubmarketplac |
2022-04-08 14:55:20 |
| 海外TECH |
MakeUseOf |
How Do Social Networks Make Money? Explained |
https://www.makeuseof.com/tag/how-do-social-networks-make-money-case-wondering/
|
companies |
2022-04-08 14:45:13 |
| 海外TECH |
MakeUseOf |
How to Start a Podcast on Spotify |
https://www.makeuseof.com/how-to-start-a-podcast-on-spotify/
|
spotify |
2022-04-08 14:30:13 |
| 海外TECH |
MakeUseOf |
7 Ways to Fix the Windows Registry Editor When It Won’t Respond |
https://www.makeuseof.com/windows-registry-not-responding-fix/
|
Ways to Fix the Windows Registry Editor When It Won t RespondThe registry is handy for fixing problems but sometimes it has issues for itself Here s how to fix an unresponsive registry editor on Windows |
2022-04-08 14:15:14 |
| 海外TECH |
DEV Community |
Happy React: Reactions on your website for free |
https://dev.to/perfect7m/happy-react-reactions-on-your-website-for-free-2ebo
|
Happy React Reactions on your website for freeI created a SaaS product to add reactions to your website It s free and very performant You can use it on your blogs documentation pages or inside applications What Happy React provides a widget on your website for adding reactions You can attach it to your blog post so you can get reactions to see how people react to your content This way you find out what your readers like and how your content performs Also it s adding social proof of your content for other readers It s not limited to posts or articles You can add widget to documentation pages or any part of your application Get feedback about how your users appreciate your work The widget is lightweight Only kb size of initial load Widget is lazy loaded by default It has ZERO negative impact on Lighthouse scores You can customize the styles including the light and dark versions of your reactions Also you can customize what reactions and how many of them are displayed in your widget You can see how a widget is working under this post Give it a try and leave your reaction Why I wanted to add reactions to my blog When I was searching for a solution I found many services offering ugly heavy widgets to gather feedback about your website I didn t want to go that way I wanted to integrate it with my current blog which is minimal and without heavy JS loading I made the decision I m making my custom reactions widget But there was another problem I can make it within a weekend for my blog but I have other projects where I can use it too That s how the idea for Happy React begins How That s my favorite part of every application How is it built It s built with NextJs Tailwind and Supabase That s not the end I made a widget to attach to the website with Svelte It s incredibly performant and has a small footprint out of the box Lastly there are other tools complete the whole development TruboRepo and Nextra When Now If you find it can be a good fit for your website please join the waitlist I m collecting feedback about it squashing bugs and adding more features Let me know in the comments or on Twitter what you think about it SummaryHappy React is for every developer that wants to seamlessly add a reactions widget to its website You can check documentation pages on how to add them to your project I m super excited about this project |
2022-04-08 14:24:35 |
| 海外TECH |
DEV Community |
Some Cool CSS Hover Animations found.... |
https://dev.to/lmas3009/some-cool-css-hover-animations-found-57p6
|
Some Cool CSS Hover Animations found Here we few cool CSS Hover animations found on internet Here are the cool CSS animationsBubble coloring button Code Animated button with rainbow hover prideCode Button Hover EffectCode Stylized ButtonsCode Click MeCode BUTTON HOVER EFFECTCode CSS Background Color Change on HoverCode EC card hover Code Caption Hover EffectsCode Tessellations eCommerceCode For More CSS Hover Animations Follow bellow links ThanksHappy Coding |
2022-04-08 14:24:21 |
| 海外TECH |
DEV Community |
Day 4: Speedrunning jQuery in 1 hour |
https://dev.to/kemystra/day-4-speedrunning-jquery-in-1-hour-2n8j
|
Day Speedrunning jQuery in hourThe Feynman technique says that teaching a subject makes you better at it which is what I m trying to do here You may correct me if you saw mistakes in this post Editing HTML through jQueryUp to this point we have edited its properties and its CSS styles Now we re finally learning HTML manipulation with jQuery Firstly text and html functions textblock text ipsum dolor sit amet ice cream smol text html lt em gt A wild Pokemon appears lt em gt They add contents inside of the targeted element The difference is that text only allows plain text while html allows HTML tags to be rendered kinda unsafe against XSS Secondly remove appendTo and clone lt div id food gt lt p id joe gt Mama lt p gt lt div gt lt p id dessert gt Crepe mousse parfait etc lt p gt lt p id people gt kids lt p gt lt script gt joe remove remove JOE MAMA dessert appendTo food Move dessert into food people clone appendTo food Put kids as foods lt script gt Note that clone don t actually duplicate them it s mostly used with appendTo to actually work And thirdly parent and children p parent css background color black body children css color pink parent refers to its direct parent and children refers to all of its children Hint children in plural What s amazing is how to refer to specific elements in a class or element type Here we can use this kinda unknown to me CSS selector element nth child n where element is a class or element type and n is a number which is one indexed so gonna remember that body nth child text I m number lol Or if you feel fancy use odd or even list odd css background color red list even css background color blue This count is zero indexed which must be remembered AfterwordsYay I got a lot done today A productive day indeed We re gonna do SASS next which is short and I m already using it Gonna plow through it and maybe even add a bit of React tomorrow Follow me on Github Also on Twitter |
2022-04-08 14:22:26 |
| 海外TECH |
DEV Community |
Spotify, Bandcamp and Hanging Out |
https://dev.to/gautamgautam/spotify-bandcamp-and-hanging-out-4b61
|
Spotify Bandcamp and Hanging OutWe need more unpolished spaces online We need more spaces to hang out For a lot of Web people would exchange geocities URLs that would just be collections of DragonBall Z gifs We d be proud of getting a glitter effect to sparkle over our MySpaces An ugly Neopets page didn t feel so embarassing As software engineers we should create more spacers for users to create and engage deeper Think about Spotify and Bandcamp It s hard to compare the two Spotify in had about million subscribers and Bandcamp sold million digital albums An easier way to think about the two is to ask anyone if they ve heard about Bandcamp and you re going to find a lot more nope s than if you ask around about Spotify Spotify is just easier to use than Bandcamp There s an element of hanging out incorporated into Spotify with the Discover playlist It s easily integrated into apps like Discord where in less than five minutes of set up you can queue a playlist for your voice channel Bandcamp s strength is it is beloved by its users They pay their artists more fairly The company is profitable and growing I would love a Bandcamp or any space where the user is invited to create Maybe you can fiddle with your all time favorite bands Spotify has those year end music charts which feel very similar to the Last Fm scrobbler People love sharing what they love People love hanging out And in the case of Bandcamp I think they should lean into this old internet vibe of just hanging out |
2022-04-08 14:21:01 |
| 海外TECH |
DEV Community |
🕵🏽 Debug VS Code Keyboard Shortcuts |
https://dev.to/ma3574/debug-vs-code-keyboard-shortcuts-34i9
|
Debug VS Code Keyboard ShortcutsSharing an article I originally wrote here ProblemWhilst using VS Code my Cmd N keyboard shortcut stopped creating a new fileI was stumped on how to figure out what was causing the issue SolutionLooking around on Stack Overflow people suggested looking at the Keybindings as installed plugins can cause keyboard shortcut conflictsIn VS Code go to Preferences gt Keyboard ShortcutsWhilst poking around here I discovered a handy little feature of VS Code where you can type a keyboard shortcut and find out what it s mapped to You just have to click the little keyboard icon I typed in Cmd N and lo and behold it popped up with two entries and I found the source of the conflict and deleted the conflicting oneHope it helps someone figure out their issues If you d like to keep up with technical blog posts on a variety of topics please feel free to join me on upsync dev |
2022-04-08 14:20:44 |
| 海外TECH |
DEV Community |
Introducing PCB-rs : Making it easier to write hardware |
https://dev.to/yjdoc2/introducing-pcb-rs-making-it-easier-to-write-hardware-397m
|
Introducing PCB rs Making it easier to write hardwareRemember the post I wrote about months ago Asking why you don t write much hardware In it I said I was writing a library to make it easier Well I have completed the initial release version of it Quick note I don t usually ask this but please share this article or directly the library on your socials or such I have spent quite some time on developing it and I really want people who can benefit from this to use this Your share might help this reach someone who needs it Thank you So what is it Well I m happy to share with you pcb rs This is a library which will make it much easier for you to write hardware components and simulate them It does this by giving you two proc macros which you can use with your run of the mill structs and it will generate the interface implementation for you Why Because I want to make it easier for people who wish to explore hardware to do so This does not aim to be the perfect and most accurate simulation ever or try to replace VHDL because it does not This aims to be a rung in the ladder from high level programming language to hardware level That way those who are just starting to explore it will have to jump a little less height they can still work in comfort of Rust but can have the taste of things that one has to consider when designing hardware It is choose your own difficulty hardware design Show don t tellHere I m showing how you can write a simple byte RAM as a hardware component using my library use pcb rs Chip derive Chip pub struct Memory pin input addr u pin io io latch data Option lt u gt pin input is active bool pin input is read bool io latch bool pub mem u impl Chip for Memory fn tick amp mut self if self is active self io latch true return if self is read let addr self addr as usize let data self mem addr self data Some data self io latch false else let addr self addr as usize let val self data unwrap self mem addr val Here the derive Chip is my prco macro which automatically implements the required traits for your chip and you just have to write impl Chip which defines the processing logic of your chip Thus in about lines we have a working RAM This is also modular it can be used with other components such as CPU And pcb rs also provides another macro for that pcb PCB chip cpu chip mem cpu addr bus mem addr cpu data bus mem data cpu mem active mem is active cpu read mem mem is read Yep That s it That s all you have to define to interface a CPU and the RAM the pcb macro will parse this derive the logic for validating the chips given to it derive the logic to verify the pin connection derive the logic for passing values from one chip to another and write the builer and pcb struct Now to actually place the RAM and CPU pins in it let mem Box new Memory new let cpu Box new CPU new let temp PCBBuilder PCBBuilder new let temp temp add chip cpu cpu add chip mem mem let mut pcb PCB temp build unwrap pcb tick This will place the chips in the builder validate that correct chips have been placed and give you the PCB struct which contains all the running logic after calling build The PCB itself will have the tick method which will run your chips And you know what this itself is modular You can use such chips as part of some other PCB and so on Wait you re telling me this is easier Well yeah This will allow you to write Hardware components from comfort of Rust before you get into something more complex as VHDL Also you have to write just the struct and annotate what members you want to use as pins and then write the processing logic for the chip Everything else is derived by the macro for you Same for pcb you just have to define the chips connections and what pins you want to expose to others rest including the actual struct will be derived by the macro Ok show me moreI know this is pretty different that what many of you might be usually doing So as examples I have written several components that range from pretty basic to a bit complex You know what s more As Rust can compile to WASM I have also done that and have made a web interface for the examples You can run them directly from your browsers Check it out at Currently the examples consist of Basic gates such as Not And Or Xor wikipediaRipple carry adder wikipediaLook ahead Carry adder wikipediaSR D T JK Latches wikipediaStraight and Twisted Ring counters wikipediaCPU and PCB example which I showed aboveYou can try all these right in your browser at I made these particular examples as these are usually a part of basic hardware electronics course so these will be a good taste of how pcb rs library can be used for that Links Links and LinksSo The library YJDoc pcb rs A library to easily write software emulated hardware Pcb rsA library to easily wite Software Emulated HardwareThis library provides two macros Chip and pcb which can be used to write software emulated hardware components Chip is a derive macro which can be used on structs to automatically implement the necessary interfaces for the struct to be treated as a Hardware Chip and you only need to implement the tick function which will be called on each clock cycle to run the logic of your chip pcb macro is used to define a PCB where you can connect multiple chips and it will manage connecting pins of chips verifying the connections and passing the data on the connected chip One of the aims of this library is modularity and reusability thus the pcb created can be further used as chips in some other pcb ans so on There are some finer points to be noted when creating… View on GitHubThe examples YJDoc pcb rs examples Repository containing examples of usage of pcb rs PCB RS ExamplesThis repository contains examples to demonstrate use of pcb rs To see more information about what is pcb rs the reasoning behind it and basic syntax and examples visit its repository at This repository contains various examples on how to write components as well as how to reuse components from other libraries to create a composite component Each of the directories contain their own readme describing the that particular example The web version of these examples is hosted at yjdoc github io pcb rs examples so you can try them right in your browser without needing to install anything as well as show the possibilities with this library and WASM for making such electronics related tools and simulations Various directories in this repo contain different examples and their details are explained in their own readmes in that directory Currently this repo contains following directories Basic Gates This contains basic… View on GitHubThe Web interface for the examples And Go Check It Out Try it out in your own projects share the projects and let me know how are you using it And as I said in the start I don t usually ask this but please consider sharing this I really want this to help people who want to get into hardware Your share will help this reach more people Also if you think this is interesting consider starring it on GitHub That might also help getting this more attention Let me know in comments your thoughts and reviews for this Thanks a lot for reading Note header image is taken from google images search and is not mine |
2022-04-08 14:20:04 |
| 海外TECH |
DEV Community |
چک لیست شبکه های اجتماعی |
https://dev.to/rebekahmckay11/chkh-lyst-shbkhh-hy-jtmy-2b9i
|
چکلیستشبکههایاجتماعیدرصورتیکهبازاریابیشبکههایاجتماعیرابهتازگیآغازکردهاید،تهیهیکچکلیستبرایمدیریت آنهاضروریاست دراینمقاله،ماچکلیستنهاییشبکههایاجتماعیراارائهمیدهیمکهشاملگامهایروزانه،هفتگی،ماهیانهودرنهایتبرنامهریزیفصلیوگرفتنگزارشازاقداماتانجامشدهاست تهیهاینچکلیستبهشماکمکخواهدکردتابرنامهریزیبهتریداشتهباشید |
2022-04-08 14:19:33 |
| 海外TECH |
DEV Community |
Color Picker |
https://dev.to/vladimirkheifets/color-picker-2gjc
|
Color Picker CompactDOM script Color Picker Version Author Vladimir Kheifets kheifets vladimir online deCopyright Vladimir Kheifets All Rights Reserved CompactDOM on GitHubOnline tutorial of the Java Script Library CompactDOMColor Picker CompactDOM script on GitHubColor Picker Demo index html lt html gt lt head gt lt script type text javascript src CompactDOM min js gt lt script gt lt script type text javascript src js index min js gt lt script gt lt head gt lt body gt lt body gt lt html gt CompactDOM Script index js The ready method with default selelector window calls an anonymous functionafter the page is fully loaded ready gt Defining head and body elements body body head head The create method creates a child element title in the parent element head lt title gt Color picker lt title gt head create Color picker tag title The link method with default selelector head creates two child elements link in the parent element head lt link href css index css rel stylesheet type text css gt lt link href css modal css rel stylesheet type text css gt link css index css css modal css The create method creates a child element meta in the parent element head lt meta charset utf gt head create tag meta charset utf The create method creates a child element meta in the parent element head lt meta name viewport content width device width initial scale maximum scale user scalable no user scalable gt head create tag meta name viewport content width device width initial scale maximum scale user scalable no user scalable The create method with default selelector body creates a child element div in the parent element body and defining div element lt div align center gt lt div gt div create tag div align center The create method creates a child element div in the parent element div and defining divColorPicker element lt div id color picker gt lt div gt divColorPicker div create tag div id color picker The create method creates five child elements span in the parent element divColorPicker lt div id color picker gt lt span class bgc title Click me gt lt span class bgc title Click me gt lt span class bgc title Click me gt lt span class bgc title Click me gt lt span class bgc title Click me gt lt div gt divColorPicker create tag span class bgc title Click me The create method creates a child element div in the parent element div and defining colorCode element lt div gt lt div gt colorCode div create tag div The hide method makes the colorCode element invisible lt div style display none gt lt div gt colorCode hide Defining colors array colors FFFFFF FFF FFFF FFFDDE FFEF The each method calls an anonymous function for each span elements with selector bgc NodeList this function defining each element el and index of element ind bgc each el ind gt The scc method addes to each element the attribute style background color The value of color for each attribute is determined from the colors ind lt span class bgc title Click me style background color FFFFFF gt lt span gt lt span class bgc title Click me style background color FFF gt lt span gt lt span class bgc title Click me style background color FFEF gt lt span gt el css background color colors ind The create method creates a child element input in the each parent element el and defining inp element lt span class bgc title Click me style background color FFFFFF gt lt input type color value FFFFFF gt lt span gt lt span class bgc title Click me style background color FFF gt lt input type color value FFF gt lt span gt lt span class bgc title Click me style background color FFEF gt lt input type color value FFEF gt lt span gt inp el create tag input type color value colors ind The on method with the inp selector handles the input event and calls the anonymous function inp on input e gt The hide method makes the colorCode element unvisible colorCode hide The val method with the e target selector returns the color code and defines the color variable The toUpperCase method of native js converts the value of the variable color to uppercase color e target val color color toUpperCase Defining selectors array selectors el body modal The scc method for each selector from the selector array is addes attribute the style background color or changes the previously defined value of this attribute for i in selectors selectors i css background color color Defining modalContent variable modalContent lt div gt Selected color code color lt div gt modalContent lt button gt Copy code to clipboard lt button gt modalContent lt button gt Send lt button gt Method modal with default selector modal displays a modal window with the content from the variable modalContent modal modalContent The click method for the button selector two buttons in a modal window handles the click event and calls an anonymous function button click eB gt The content method for the eB target selector returns the content of the element if eB target content Send The send button was clicked Defining colorsCode object colorsCode The each method calls an anonymous function for each input elements this function defining each element elmInput and index of element ind input each elmInput indInp gt The val method returns the value of each input element Defining the properties of the colorsCode object color elmInput val color color toUpperCase Defining the properties key value of the colorsCode object colorsCode color indInp color The send method creates a formData object from the colorsCode object and send AJAX Post Request whith default request type FormData to server url selectedColors php and returns AJAX Response with default response type text to callback function In this function the css method changes the background color to white and then the modal method displays the AJAX Response in a modal window send url selectedColors php method post data colorsCode func rsp gt modal css background color white modal rsp else The Copy color code to clipboard button was clicked The code of the selected color will be copied to the clipboard navigator clipboard writeText color The content of the colorCode element is created colorCodeContent lt br gt Color code in clipbord color colorCodeContent lt button gt Clear clipboard lt button gt colorCode content colorCodeContent The click method for the button selector buttons in colorCodeContent handles the click event and calls an anonymous function button click gt Сlear clipboard data navigator clipboard writeText The hide method makes the colorCode element unvisible colorCode hide The show method makes the colorCode element visible colorCode show The modal method with a parameter of immediately closes the modal window modal The modal method without parameters only creates the HTML code of the modal window but does not display it lt div id modal class modal style opacity transition property opacity transition duration ms transition timing function cubic bezier gt lt div class modal close gt amp times lt div gt lt div id modal content class modal content gt lt div gt lt div gt lt div id modal gray layer class modal gray layer gt lt div gt modal Outputs a current html document to the web console console log document documentElement HTML document with generated tags lt html gt lt head gt lt script type text javascript src CompactDOM min js gt lt script gt lt script type text javascript src js index js gt lt script gt lt title gt Color picker lt title gt lt link href css index css rel stylesheet type text css gt lt link href css modal css rel stylesheet type text css gt lt meta charset utf gt lt meta name viewport content width device width initial scale maximum scale user scalable no user scalable gt lt head gt lt body gt lt div align center gt lt div id color picker gt lt span class bgc title Click me style background color FFFFFF gt lt input type color value FFFFFF gt lt span gt lt span class bgc title Click me style background color FFF gt lt input type color value FFF gt lt span gt lt span class bgc title Click me style background color FFFF gt lt input type color value FFFF gt lt span gt lt span class bgc title Click me style background color FFFDDE gt lt input type color value FFFDDE gt lt span gt lt span class bgc title Click me style background color FFEF gt lt input type color value FFEF gt lt span gt lt div gt lt div style display none gt lt div gt lt div gt lt div id modal class modal style opacity transition property opacity transition duration ms transition timing function cubic bezier gt lt div class modal close gt × lt div gt lt div id modal content class modal content gt lt div gt lt div gt lt div id modal gray layer class modal gray layer gt lt div gt lt body gt lt html gt selectedColors php AJAX Post Request lt echo lt lt lt HTML lt style gt allColors width px title font size px line height px margin bottom px post border px solid margin padding px text align center lt style gt lt div style allColors gt lt div class title gt PHP script selectedColors php lt br gt AJAX Post Request was lt br gt reseived from index html lt div gt HTML foreach POST as key gt value echo lt lt lt HTML lt div class post style background color value gt POST key value lt div gt HTML gt lt div gt index cssbody div font family arial font size px button margin bgc display inline block border px solid aaa border radius px width px height px margin cursor pointer input type color opacity display block width px height px border none cursor pointer color picker color picker div display block padding background color white text align center width px border px solid aaa border radius px box shadow px px px rgba color picker div margin top px modal content width px modal css modal position absolute z index top left background color ffffff border px solid AC border radius px box shadow px px px rgba modal content display table cell text align center padding font size pt modal close font family Courier color aaa cursor pointer font size px position absolute right top margin em em caret color transparent width px modal close hover color FFCCD caret color transparent modal gray layer width height position absolute top px left px background rgba display none |
2022-04-08 14:14:48 |
| 海外TECH |
DEV Community |
Autism and UI/UX |
https://dev.to/itsagift/autism-and-uiux-3php
|
Autism and UI UXWhen most people think about accessibility in product design web design and other fields they might think about those with visual disabilities or those in a wheelchair However there are many other disabilities and divergencies that might need accommodating This month April is National Autism Awareness Month in the United States I was interested to learn what autistic people had to say about their accessibility needs One main symptom of autism is sensory processing difficulties or differences This means that autistic people interpret sensory input such as sounds textures or visual data differently In some cases this sensory input can become overwhelming leading to fatigue anxiety meltdowns or shutdowns Autistic people and their advocates have written about ways to prevent this reaction through UI UX design Livingautism com a British site wrote that people on the autism spectrum have difficulty interacting with text heavy or cluttered web pages so clearly delineated text areas simple page design and clear images go a long way Pop up elements and complicated image overlays are best avoided while simple navigation and clear page identifiers will help the user feel more comfortable and in control of their web experience Although these tips are designed to help those with autism they are also good advice for more general audiences One thing I saw repeated in several articles and blog posts about this subject was the important of customization With accessibility it is probably impossible to accommodate everyone with one design That is why responsive design breakpoints and buttons to adjust things like text size are so useful |
2022-04-08 14:14:44 |
| 海外TECH |
DEV Community |
How To Use Strings In JavaScript With Selenium WebDriver? |
https://dev.to/haritalt/how-to-use-strings-in-javascript-with-selenium-webdriver-34pi
|
How To Use Strings In JavaScript With Selenium WebDriver In computer programming we come across various data types supported by most programming languages A data type is nothing but an attribute of data that specifies which type of value a variable has and what type of operation can be performed without causing an error A string is a basic data type used for storing and manipulating a sequence of characters In this Selenium JavaScript tutorial we will have a detailed walkthrough of strings in JavaScript along with its uses and in built methods Additionally we ll also explore using JavaScript strings with Selenium WebDriver over cloud based Selenium Grid for demonstrating Selenium automation testing Let s get started What are Strings in JavaScript In JavaScript data types are classified into three main categories Primitive Data TypesNon Primitive Composite Data TypesTrivial or Special Data TypesPrimitive Data Types are built in or primary to a language They can hold only one value at a time Numbers String and Boolean come under primitive type in JavaScript Composite Data Types are derived from primitive data types They can hold collections of values and more complex entities Objects and Arrays come under this type Trivial Data Types include null and undefined Each of these defines only a single value Before moving ahead in this Selenium JavaScript tutorial let s understand more about the strings Akin to other programming languages string in JavaScript is a data type that is used to hold a sequence of characters that represent textual data They are written within quotes single or double to recognize them as a string value They are also immutable i e if you process a string you will always get a new string The original string will remain unmodified The JavaScript string can be of both primitive and composite data types How to Initialize Strings in JavaScript There are two ways to initialize a string in JavaScript By string literalBy string object using “new keywordBy string literalHere we directly assign the value of the string to the variable This method enables us to declare primitive strings var message “Hello World Double quotesvar message Hello World Single quotesBy string object using “new keywordHere we pass the string value as a parameter to the constructor of the “String class The new keyword creates an instance of the String var message new String “Hello World Double quotesvar message new String Hello World Single quoteLet us see an example for creating a string using the two methods through a simple code lt script gt var lineBreak lt br gt var str This string is created using string literal document write str document write lineBreak var str new String This string is created using string object document write str lt script gt Output Note JavaScript automatically converts primitives to String objects so that it s possible to use String object methods for primitive strings JavaScript Strings In built Properties and MethodsJavaScript provides in built support for various string properties and methods to perform specific operations on them Let s check out a few PropertieslengthThe length property returns the length i e the number of characters present in a string It is read only Spaces escape sequences like n t etc are treated as a single character let str This is a paragraph console log str length Output gt MethodscharAt index This method returns the character at the specified index of the string A string can be considered as an array of characters starting from index position string length let str Hello world console log str charAt Output gt echarCodeAt index This method returns the Unicode value of the character at the specified index of the string let str Hello world console log str charCodeAt Output gt indexOf searchString position This method allows you to locate a string or a substring within a string It searches for a string from the provided position and returns the index of the first occurrence If the position parameter is not specified it searches from the beginning of the string If no result is found is returned let str My name is John Doe console log str indexOf is Output gt lastIndexOf searchString position Similar to indexOf this method returns the index of the last occurrence of the searchString from the specified position Returns if no result is found let str Hello world console log str lastIndexOf l Output gt search RegExp Similar to indexOf this method also allows you to search for a specified value within a string and returns the position of occurrence The search enables you to perform a search for powerful values like Regex let str The search methods allows you to search for a value within the string console log str search search Output gt toUpperCase toLowerCase These methods convert the characters in the given string into uppercase and lowercase letters respectively let str My name is John Doe console log str toUpperCase Output gt MY NAME IS JOHN DOE console log str toLowerCase Output gt my name is john doeconcat string string …stringn This method is used to concatenate or combine two or more strings and return a new string We can also use “ or “ operators to combine multiple strings let str I let str love let str programming let newStr str concat str str console log newStr Output gt I love programming console log str str str Output gt I love programmingtrim This method is used to remove whitespaces from the left and right sides of the string let str John Doe console log Before trimming str length Output gt Before trimming console log After trimming str trim length Output gt After trimming split separatorString Using the split you can convert a string into an array by passing the separator as an argument var fruits apple mango strawberry orange var fruitArray fruits split Split on commasconsole log fruitArray Output gt apple mango strawberry orange var message Hello messageArray message split Split in charactersconsole log messageArray Output gt H e l l o var str My name is John strArray str split Split on spacesconsole log strArray Output gt My name is John toString The toString method returns a string representation of the calling object var num console log typeof num Output gt numberconsole log typeof num toString Output gt stringmatch RegExp This method is used to find a match for a value within a string If global flag g is included an array of matches are returned Otherwise only the first complete match and its additional properties like index input group etc are returned var str The quick brown fox jumps over the lazy dog It barked console log str match Output gt index input The quick brown fox jumps over the lazy dog groups undefined console log str match g Output gt replace searchValue replaceValue The replace as the name suggests replaces a value in a string with another value RegEx can also be passed as the search value var str Hello User console log str replace User John Output gt Hello Johnslice startNumber endNumber This method is used to extract part of a string and return the extracted part The start and end positions are passed as parameters If the second parameter is omitted this method will slice out the rest of the string To count the position from the end of the string pass the parameters as negative var str The quick brown fox jumps over the lazy dog console log str slice Output gt quickconsole log str slice Output gt quick brown fox jumps over the lazy dogconsole log str slice Output gt dogsubstring startNumber endNumber The substring method is used to create a substring out of a string It retrieves a range of characters from start and end positions passed as arguments This method is similar to slice but the difference is that it cannot accept negative indexes as parameters var str The quick brown fox jumps over the lazy dog console log str substring Output gt foxconsole log str substring Output gt fox jumps over the lazy dogsubstr startNumber length This method is similar to substring The difference is that the second parameter specifies the length of the extracted part from the starting position var str The quick brown fox jumps over the lazy dog console log str substr Output gt quick brown fox Using JavaScript Strings with Selenium WebDriverAutomation testing has become an integral part of software development With ever expanding user expectations it becomes crucial for every development project to deliver high quality products with increased velocity Top notch software plays a vital role in user on boarding as well as user retention Automation testing allows you to ensure the application UI is working as expected Selenium WebDriver is a widely popular tool often the first choice for automation testing of web applications And when it comes to scripting JavaScript is the most in demand technology loved by programmers as suggested by the Stack Overflow annual survey Note InvalidCookieDomainException The WebDriver does not allow setting cookies for domains different from the domain of the current browsing context s document s domain In this section of the Selenium JavaScript tutorial we will learn how to write automation test scripts using JavaScript and Selenium WebDriver We ll also explore a few practical implementations of JavaScript strings through beginner friendly examples Let s jump into it PrerequisitesTo get started install Node js NPM and Visual Studio Code as IDE on your system Install Node js and NPMEnsure that your system is equipped with Node js and NPM You may install the latest LTS version from the official Node js website NPM will be installed along with Node js So no need for separate installation In the terminal give the following command to verify Node js and NPM are successfully installed in your system node v npm v Install Visual Studio Code as IDE or any IDE of choice In this article we will be using VSC You may download Visual Studio from its official website Project SetupWith the expectation that the prerequisites are installed let s deep dive into the project set up Step by step instructions are detailed below Follow along with me Step Create a project folder in the desired location in your system Open the folder in your IDE Step Next we need to initialize our project with the package json file Open the terminal in IDE and verify that it is pointing to the project folder location Give the command npm init yYou will notice that the package json file is created in your project folder containing all the project configuration details Step Time to install the project dependencies We need to install Selenium WebDriverBrowser drivers for chrome firefox etc in this example we will work with chrome browser npm install save selenium webdriver chromedriverThe node modules folder will be added to your project root Also package json will be updated with these dependencies Step Finally it s time to write some code Note We are not working with any framework like Nightwatch js or WebdriverIO here Note InvalidSelectorExceptionthe webdriver error invalid selector error happens when an element fetch is tried with an unknown web element selection method Writing our first test scriptCreate a file named index js any name of your choice in the project root folder The folder structure now looks like this Inside this index js file let s write our first test script We will be writing a simple and straightforward test case which will Launch the Chrome browser Go to www google com Search for a string value Verify the string value is present in the resulting URL Step a Pull all the required functions from node modules const By Key Builder require selenium webdriver require chromedriver Step b Create a function example which will be containing your test script Feel free to provide any function name of your choice async function example example Step c Inside the function let us write our test script using Selenium and JavaScript We are lavishly making use of the string methods we learned async function example The string variable containing value to search var searchString Javascript strings with Selenium webdriver To wait for browser to build and launch properly let driver await new Builder forBrowser chrome build To fetch from the browser with our code await driver get To send a search query by passing the value in searchString await driver findElement By name q sendKeys searchString Key RETURN To fetch the value of currentUrl and storing it into a variable by converting it to string var url await driver getCurrentUrl toString To find the start and position of query string var start url indexOf q var end url indexOf amp To extract the query string wrt the start and end positions var queryString url slice start end To get an array containing all keywords by splitting with queryStringArray queryString split console log ACTUAL queryStringArray To get an array containing words of original searchString expectedArray searchString split console log EXPECTED expectedArray To compare the expectedArray with the Actual query string array console log Match Status JSON stringify queryStringArray JSON stringify expectedArray It is always a safe practice to quit the browser after execution await driver quit Step d Now write the function call Overall code will look like this const By Key util Builder require selenium webdriver require chromedriver async function example The string variable containing value to search var searchString Javascript strings with Selenium webdriver To wait for browser to build and launch properly let driver await new Builder forBrowser chrome build To fetch from the browser with our code await driver get To send a search query by passing the value in searchString await driver findElement By name q sendKeys searchString Key RETURN To fetch the value of currentUrl and storing it into a variable by converting it to string var url await driver getCurrentUrl toString To find the start and position of query string var start url indexOf q var end url indexOf amp To extract the query string wrt the start and end positions var queryString url slice start end To get an array containing all keywords by splitting with queryStringArray queryString split console log ACTUAL queryStringArray To get an array containing words of original searchString expectedArray searchString split console log EXPECTED expectedArray To compare the expectedArray with the Actual query string array console log Match Status JSON stringify queryStringArray JSON stringify expectedArray It is always a safe practice to quit the browser after execution await driver quit example Step e Run the test In the terminal give the following command to run the js code using Node node index jsThe test execution begins and the Chrome browser gets launched Observe the terminal for logs We have successfully executed our test If you are new to JavaScript and want to get started with your first test script check out the video below from LambdaTest YouTube Channel Running Selenium JavaScript tests on the Remote Selenium GridIn the earlier section of the Selenium JavaScript tutorial we completed the test execution on the local Selenium Grid In real world testing scenarios it is critical to verify that our application works seamlessly across multiple platforms browsers and browser versions This task is hectic to achieve through our local system alone which also requires frequent maintenance This is where cross browser testing on cloud based Selenium Grid can drive more value to the overall testing methodology LambdaTest is a popular cloud based cross browser testing platform trusted by users worldwide LambdaTest provides you access to browsers for mobile and desktop to help you gain the maximum test coverage during automated browser testing Cloud based Selenium Grid is known for running test cases on different versions of browsers and different operating systems simultaneously LambdaTest facilitates you to perform automated browser tests on a scalable secure and reliable online Selenium Grid effortlessly Since we have come this far why don t we achieve this as well All it requires are a few minor code changes in our previous script Let s look into it step by step Step Create your free account or log in to your LambdaTest account Fetch your unique username and access key from the LambdaTest profile section Step Create a new test file index js or any name of choice in the project folder I will be copying the previous code here Now both test files contain the same code Let s make the required configuration changes in the second file Provide the username and access key from Step as string values const USERNAME YOUR USERNAME replace with your usernameconst KEY YOUR KEY replace with your accesskeyProvide the host corresponding to the LambdaTest platform const GRID HOST hub lambdatest com wd hub Now we should provide the required browser and OS configuration as capabilities Within seconds we can generate this by making use of the LambdaTest Desired Capabilities Generator tool Provide this object inside the test function async function example var capabilities build JavaScript Strings and Webdriver name Google search platform Windows browserName Chrome version selenium version chrome driver Provide the gridUrl You can also find this value from the Automation Dashboard const gridUrl https USERNAME KEY GRID HOST Finally edit the code to build and launch the browser Also don t forget to remove the chromedriver requirement as we are executing our tests remotely let driver await new Builder usingServer gridUrl withCapabilities capabilities build The final code will look like this That s it guys Now it is time to run the script node index jsWe can observe the live running status from the Automation Dashboard We can access the individual report containing video and logs from Automation Logs We can also observe the logs in the Terminal How effortless and hassle free was that We have successfully run our test script using the Remote Selenium Grid provided by LambdaTest ConclusionWhile Selenium WebDriver continues to be the first choice in Automation Testing JavaScript is celebrated as the most in demand language by programmers over the last years WebDriver together with JavaScript offers a favorable combination to perform automated UI testing of applications We did a detailed walkthrough of Strings in JavaScript along with various in built functions through this Selenium JavaScript tutorial Equipped with this knowledge we wrote test cases utilizing JavaScript strings and Selenium WebDriver over cloud based Selenium Grid using Selenium automation testing As an additional touch we also leveraged our test execution by achieving test coverage and cross browser testing employing the online Grid provided by the LambdaTest platform I am hoping that this blog has benefited you To deliver applications with optimal user experience with the backing of cross browser testing check out the LambdaTest platform |
2022-04-08 14:13:53 |
| 海外TECH |
DEV Community |
Symfony Station Communiqué - 8 April 2022. A look at Symfony, PHP, and Cybersecurity news! |
https://dev.to/reubenwalker64/symfony-station-communique-8-april-2022-a-look-at-symfony-php-and-cybersecurity-news-3ohb
|
Symfony Station Communiqué April A look at Symfony PHP and Cybersecurity news This article originally appeared on Symfony Station Welcome to this week s Symfony Station Communiqué It s your weekly review of the most essential news in the Symfony and PHP development communities Again we cover the tech aspects of the war crimes going on in Ukraine and how you can help Take your time and enjoy the items most valuable to you Thanks to Javier Eguiluz and Symfony for sharing our last communiqué in their Week of Symfony Please note that links will open in a new browser window My opinions will be in bold SymfonyAs always we will start with the official news from Symfony Highlight gt “This week Symfony and maintenance versions were released Meanwhile the upcoming Symfony version added new features such as a Serializer profiler panel and a simpler bundle extension configuration Lastly the SymfonyLive Paris conference will take place next week A Week of Symfony March April Javier Eguiluz previews an upcoming feature of the update New in Symfony HtmlSanitizer ComponentSymfonyCasts continues their free look at Symfony and Easy Admin paid courses This week on SymfonyCastsPlatform sh announced “We re excited to announce that Platform sh now offers OpenSearch as a service available and included on all plans OpenSearch is a distributed RESTful search and analytics engine you can use for log analytics a search backend clickstream analytics and more With the recent move by ElasticSearch to switch to a licensing model it was important for us to propose a strong open source alternative And OpenSearch is completely open source so you could run and manage it on your own But if you add it to a Platform sh project as a service all of the infrastructure is taken care of All you have to take care of is your data indexing it and retrieving it OpenSearch is hereWe missed this last week Blackfire Monitoring now integrates with API Platform API Platform Support Featured ItemDemocracies are far from perfect However while sometimes chaotic and prone to taking one step back for every two forward they are the best governments in the world Currently they are in a growing battle with autocracies ranging from tyrannical to criminal for the future of mankind The Copenhagen Pledge puts forward a vision for the digital age based on democratic values and human rights It serves as the overall value framework for the Tech for Democracy initiative Take and sign the pledgeIts Action Coalitions target specific issues at the intersection of tech democracy and human rights Coalition partners engage in concrete activities and deliver concrete solutions in line with the Copenhagen Pledge Action CoalitionsThe Action Programme contains recommendations on how to transform the Copenhagen Pledge into action and charts a path for various areas such as how to truly improve digital responsibility and mobilization Action ProgrammeFind the full Action Programme and civil society´s recommendations here Please get involved today You have to have open societies to have open source This WeekWeLoveDevs says “Ce questionnaire d environ minutes est proposépar Smaïne Miliani ainsi que la communautéWeLoveDevs com entreprises experts formateurs indépendants pour aider les développeurs àauto évaluer leurs connaissances If you are fluent in French take this test Test Symfony Mohamad Eldhemy explores The What Why How Guide of PHP code quality toolsSriram webnexs asks What Is the Magento Marketplace Extension and How Does It Work tangled net writes “Grav CMS allows developers to give third parties the ability to manage their structured content in a very elegant and flexible way At the same time there are few restrictions on how this content ends up displayed on the website ーas long as the developer knows what he is doing Grav CMS ーA way to pass URL parameters in a frontend formUnearthed says “we use the AWS service Cognito to issue JWTs to clients during authentication From there the JWT is exchanged with whichever services the user is interacting with in order to validate their identity This is helpful when building out a service graph since each JWT can describe an authenticated users session without any direct dependency on a user service It s worth mentioning if you are using Symfony there is a Symfony Bundle which will make some of the factories and services used in this blog post available from the container In our application we decided instantiating these dependencies directly was preferable Decoding and validating AWS Cognito JWTs with PHPCode has this very useful article for us Drupal Getting A Good Score In Google PageSpeed InsightsDroptica notes “In this article we ll present what standards are used to create Drupal projects We will show you the basic aspects that are worth paying attention to and the tools that make work easier What are Drupal Coding Standards and How to Use Them in Your Daily Work Arslan Ijaz looks at Amazing UX design using Drupal Last MonthMatt Robinson shares What to Do With Your Drupal WebsiteChristian Kolb has two articles for us Using CQRS in SymfonyUsing id value objects for better readability and type safety PHP This weekThe April edition of php architect is out p hparchitect Tomasz Dobrowolski shows us Why You Should Limit Your Use of Comments to Make Cleaner Code as a DeveloperStudy Section notes “A session is a way to continue information across different web pages to recognize users as they traverse a site or app There is absolutely no way a server could remember a specific user between multiple requests which is why we call the HTTP protocol a stateless protocol Explaining this pattern with example in PHP ーServer Session StateFarhan Tanvir shares “Here are VSCode extensions which will help you to make the best use of VScode if you are a PHP developer useful VSCode extensions for a PHP developerYacine Touati discusses Setting up Dockerized cron jobs For example using PHP and MySQLThe one and only Brent is back with “You ve probably used the strategy pattern before a behavioral pattern that enables selecting an algorithm at runtime Let s consider a classic example the user provides some input either in the form of XML JSON or an array and we want that input to be parsed to a pretty JSON string Dynamic StrategiesJordi Bassaganas shares his Titanic Truth About JavaScript TypeScript and PHPHicham Ben Kachoud continues his SOLID series with the I Interface Segregation PrincipleJarek writes “Generic types are templates which allow us to write code without specifying a particular type of data on which it will work Thanks to them we avoid redundancy and the objects operate on the previously declared types A good example is collections of various types If we want to be sure that a collection consists of a given data type we can either create a separate class to store each type use various types of assertions or just use generic types How To Start Using Generic Types In PHP Last MonthAndreas Moller notes “The chances are that you are already aware of the concept of named constructors If not take a look at Matthias Verraes excellent article Named Constructors in PHP When it comes to consistently naming constructors I currently apply the following rules for different types of objects servicesexceptionsentitiesvalue objects Incredibly there were two articles on this last month Naming constructorsStefan Priebsch writes “Despite a greatly improved type system in versions and PHP does not support constructor overloading If an object has to be created in different ways so called named constructors are used Are there any best practices for naming them How do you name constructors OtherPlease visit our Support Ukraine page to learn how you can help kick Russia out of Ukraine eventually The cyber response to Russia s War CrimesCNBC reports “Alex Iskold a tech entrepreneur and start up investor revived the K Project to provide direct relief to Ukrainian families impacted by the war A Ukrainian Techie Combined Code and People to Raise Million So Far for Families Back HomeTechCrunch reports Twitter limits reach for Russian government accounts and bans most POW imageryFortune reports “Hacker collective Anonymous announced on Twitter that it successfully breached and leaked the personal data of Russian soldiers All soldiers participating in the invasion of Ukraine should be subjected to a war crime tribunal Anonymous said in the message The leak included personal information like dates of birth addresses passport numbers and unit affiliation Anonymous takes revenge on Putin s brutal Ukraine invasion by leaking the personal data of Russian soldiersAfter what we have seen this week IMHO these soldiers are legitimate targets for hacktivism NBC reports “Distributed Denial of Secrets is best known for curating publishing and promoting giant caches of files from a variety of sources including U S police departments the conservative social media platform Gab and the far right Oathkeepers a prominent group involved in the Jan riot But since Russia invaded Ukraine Best and her colleagues have been inundated with files that hacktivists say they ve stolen from Russian banks energy companies government agencies and media companies For weeks the group has scrambled to translate verify format and upload files that they can assess are legitimate and new with the caveat that they usually haven t gone through every single file to assess if it hasn t been altered or planted with malicious software Hackers flood the internet with what they say are Russian companies filesThe AP reports “The Biden administration has charged a Russian oligarch linked to the Kremlin with violating U S government sanctions and disrupted a cybercrime operation that was launched by a Russian military intelligence agency officials said Wednesday US charges Russian oligarch dismantles cybercrime operationThe New York Times reports that the U S Says It Secretly Removed Malware Worldwide Pre empting Russian CyberattacksPolitico reports that “The firms that helped document the Russian invasion of Ukraine are now finding imagery of atrocities Satellite companies join the hunt for Russian war crimesCloudflare writes “Following Russia s unjustified and tragic invasion of Ukraine in late February the world has watched closely as Russian troops attempted to advance across Ukraine only to be resisted and repelled by the Ukrainian people Similarly we ve seen a significant amount of cyber attack activity in the region We continue to work to protect an increasing number of Ukrainian government media financial and nonprofit websites and we protected the Ukrainian top level domain ua to help keep Ukraine s presence on the Internet operational At the same time we ve closely watched the significant and unprecedented activity on the Internet in Russia The Russian government has taken steps to tighten its control over both the technical components and the content of the Russian Internet For their part the people in Russia are doing something very different They have been adopting tools to maintain access to the global Internet and they have been seeking out non Russian media sources This blog post outlines what we ve observed What Cloudflare is doing to keep the Open Internet flowing into Russia and keep attacks from getting outOn a related note NPR asks “What do Russians know about what s happening in Ukraine Well it depends in large part on what independent media they re able to access access the Russian government has been forcefully trying to restrict So many Russians have been relying on VPNs virtual private networks that obscure their identity online and allow them to access blocked websites Some Russians are skirting website restrictions through VPNs What are they Radio Free Europe reports “Western governments imposed crushing sanctions on Russia for its unprovoked attack and foreign companies began pulling out of the country setting its economy reeling and making investments in the technology sector unattractive Three days later Krupnik froze his project and on March he fled to Turkey seeing a bleak future back home A Nail In The Coffin Tech Workers Are Fleeing Russia and The Impact Will Last For Years The Evil Empire Strikes BackTechCrunch reports “The mass exodus of IT specialists has been met with hostility from Moscow Tech workers describe detentions and interrogations as they flee RussiaIf you are in Russian IT and want to escape the new Iron Curtain we suggest you get the fuck out now If not enjoy the Gulag CBS reports “A group of hackers with ties to the Belarusian government broke into the Facebook accounts of Ukrainian military officials and posted videos calling on the Ukrainian army to surrender Meta s head of security policy Nathaniel Gliecher said the videos posted on the accounts of Ukrainian military officials were not seen by users and were taken down by the platform before it could be shared with others Russian backed hackers broke into Facebook accounts of Ukrainian military officialsThe Jerusalem Post reports “China launched a massive cyber operation against the Ukrainian military and its nuclear facilities before Russia began its invasion according to UK intelligence reports obtained by The Times The British reports were backed up by Ukraine s national security service the SBU which claimed China coordinated thousands of cyberattacks and hacking attempts on official Ukrainian government sites China carried out massive cyberattack operation on Ukraine reportThe New York Times notes Bristling against the West China rallies domestic sympathy for RussiaThe Guardian reports “Putin may be playing a long game on the cyber front with attacks underway but not fully understood Russia s slow cyberwar in Ukraine begins to escalate experts sayThe Associated Press reports “Though Russia is the country that invaded its neighbor Ukraine the Kremlin s version relentlessly warns social media users across Latin America that the U S is the bigger problem “Never forget who is the real threat to the world reads a headline translated here from Spanish The article originally posted in late February on Twitter by RT en Español is intended for an audience half a world away from the fighting in Kyiv and Mariupol Russia aims Ukraine disinformation at Spanish speakers CybersecurityZDNet reports “The US Federal Government s latest attempt to create a centralized office for cybersecurity within a major agency will also be tasked with exploring economic and policy concerns within cyberspace US Bureau of Cyberspace and Digital Policy officially commences operationsTechRepublic has this discouraging bit of news Developers do not view application security as a top priority study findsThey also have tools to make encryption key management easierGitHub shows us How Dependabot empowers you to keep your projects secureThey also have Prevent the introduction of known vulnerabilities into your code MoreThe NewStack shares this from Caleb Porzion “It was at this point that he came up with the idea for Alpine js the minimalist framework that puts JavaScript behavior directly in your markup which would offer some of the interactivity of Vue js without any of the complexity “Alpine is the modern jQuery that s my vision for it Porzio explained in an interview “When I started in web development jQuery was what you did to sprinkle in stuff on your front end Your whole front end wasn t driven by a frontend framework it was driven by something like Rails I still like to write web apps that way I ve come full circle I did the whole SPA thing and there s nothing wrong with it per se but for a lot of use cases it s just way too much complexity Alpine js Brings JavaScript Interactivity without Complexity to HTMLInfoworld notes “SQLite is embedded everywhere Will Postgres follow suit Postgres everywhereDocker discusses Getting Started with Docker DesktopThey also have CTO Chat Overcoming the Developer Experience Gap feat RedMonk amp Flow io VSCode writes The Visual Studio Code team has used this insight as the heart of their research over the years if we can reduce time spent on overhead like reading about environment setup then we can increase productivity time We have a vision where developers don t have to keep fighting the same battles over and over again This means a consistent development setup that can handle the never ending churn of version upgrades configuration changes and hardware refreshes But what does the path look like to get us there Let s examine the journey to increase developer productivity that has led us from local development to container based development to the cloud Using Containers to move from Local to Remote DevelopmentTechCrunch reports “At its Team conference Atlassian announced the launch of Atlas a new service for cross functional team updates it previously offered as a beta under the name “Team Central The service is meant to be a central repository for what teams are working on ーwith those updates limited to a Twitter like characters Atlassian launches Atlas to improve team alignmentSule Balogun Olanrewaju Ganiu says “This article will teach you an alternative approach to testing client APIs using Thunder Client an open source extension available on VS Code marketplace Thunder Client An Alternative Way to Test Restful APIsThat s it for this week Thanks for making it to the end of another edition I look forward to sharing next week s Symfony and PHP news with you on Friday Please share this post Also be sure to join our newsletter list at the bottom of our site s pages Joining gets you each week s communiquéin your inbox a day early And follow us on Twitter at symfonfystation Do you own or work for an organization that would be interested in our promotion opportunities If so please contact us We re in our infancy so it s extra economical More importantly if you are a Ukrainian company with coding related products we can provide you with free promotion on our Support Ukraine page Or if you know of one get in touch Keep going Symfonistas Author Reuben WalkerFounderSymfony Station |
2022-04-08 14:12:14 |
| 海外TECH |
DEV Community |
OAuth and OIDC: What You Need To Know |
https://dev.to/anvil/oauth-and-oidc-what-you-need-to-know-3ogn
|
OAuth and OIDC What You Need To Know OIDC under the microscopeIn a previous blog post we covered SSO what it is and the two main technologies that are used to implement it In the next post we covered SAML the first of these technologies This time we re taking a deep technical dive into the other OpenID Connect often abbreviated to OIDC and OAuth the authorization protocols that support it This blog post covers the following What OAuth is and what problems it was built to solveWhy it can t be used for authenticationWhat OpenID Connect is and how it uses OAuthImportantly is it secure Let s jump in What is OAuth This section gives a fairly high level primer on OAuth intended to illustrate what it is in the context of OIDC In and of itself OAuth is a deep topic with lots of interesting security aspects for the sake of brevity we won t be covering all of them Wikipedia defines OAuth short for Open Authorization as an open standard for access delegation In this context access delegation means allowing one entity access to something for example information controlled by another entity The act of allowing this access is delegation hence access delegation so what does it do Let s take a real world example I have a GMail account and I want to use a service that ll go through all the automated emails I received in the last days and send responses asking each of the senders to delete the data they have on file about me That means that the service will need to be able to read my emails and send emails from my account However I don t want to just give the service the credentials I use to log in to my Google account that would also give it access to my Drive any location data history the Google Maps has collected and so on Instead the service should only be able to perform the actions I want it to and that s where OAuth comes in OAuth provides a mechanism for allowing that service to request access specifically to only the actions it needs without compromising the security of other information or restricted actions managed by my Google account In OAuth world there are a few different entities The user is called the Resource Owner in the above example this is me I own the resources the ability to read and send email that I want to be able to share with the client service The client service is called the Relying Party in the above example this is the service that ll automatically read and send emails for me and it relies on an OAuth flow in order to get access to those actions The Identity Provider is also called the Authorisation Server This is where I can go to prove ownership of my Google account and authorise the client to use my resources The Resource Server is where those resources to which I have delegated access live In the above example this is a GMail server In a lot of examples this will be managed by the same organisation as the Authorisation Sever but that isn t strictly necessary How does it work The big concept that drives OAuth is the idea of tokens Tokens are objects that the Authorisation Server can issue for a client to use and in OAuth there are two different kinds Access Tokens are used by the client to access a given resources from the Resource Server The Resources Server needs to be able to parse the information from within the token and give exactly the access requested and no more Access Tokens are also sometimes called bearer tokens because any entity which gets hold of them bears them will then have access to those resources For this reason they should have an expiration date built in after which point the Resource Server will deny access Refresh Tokens are used by the client to get a new Access Token if the one they currently have has expired These tokens are longer lived and are typically stored by the client application in a secure server There are a few different important qualities that tokens need to have They should be opaque to the client application The email service in the above example doesn t need to know what s inside the tokens it receives all it needs to do is send them on to the relevant servers When the Relying Party makes a request for a token that request will include a scope or multiple scopes for the token that determines exactly what resources it grants access to OAuth is a standard and not a framework so it doesn t set out any scopes explicitly instead leaving them up to the internal implementation of the Authorisation and Resource Servers In the email service scenario the scopes involved would require allowing access to reading and sending emails but not for example access to my Google Drive An OAuth Authorisation Server will have a few different endpoints which are used at various stages in the process In the following flow we ll see a couple authorize which lets the user grant access for example token which is where the Relying Party sends its requests for tokens for example The Resource Server will also have a variety of endpoints depending on what kind of resources it serves it s up to the Relying Party to make sure they access the correct one So authorising a client to use some of your resources that are hosted on a Resource Server goes like this You the Resource Owner visit the Relying Party that wants access to your resources In the above example this would be visiting the website of the service that ll automatically ask people to delete my data The Relying Party sends you to the Authorisation Server s authorize endpoint with a request for an authorisation code This is where you ll be redirected in your browser to a Google screen asking you if you want to allow the email service appropriate access You authenticate with the Authorisation Server and grant resource access Your role as the Resource Owner is now done The Authorisation Server sends you back to the Relying Party along with an authorisation code In the above example this is you being redirected back to the website for the email service The Relying Party then uses that code to request an Access Token with appropriate scopes from the Authorisation Server s token endpoint The Authorisation Server then mints a new Access Token and optionally a Refresh Token The Authorisation Server sends those tokens back to the Relying Party The Relying Party sends the Access Token to a relevant endpoint at the Resource Server in order to ask for access This endpoint is where the email service asks to download the last days worth of emails to my inbox The Resource Server validates the token and grants access This is the point at which access to my emails has now been successfully delegated to the automatic email service Then going forwards as long as the client application has a valid Access Token either from this process or by requesting a new one using its Refresh Token it doesn t need you as the Resource Owner to grant access again If the Refresh Token expires or is revoked then this flow will need to happen again And that s how OAuth allows you to delegate access to your resources Why do we need something else for authentication Reading the above you might think that OAuth is sufficient for authentication purposes After all if you want to use an OAuth provided identity to log in with a third party service OAuth already exists to facilitate permissions sharing between those two services right Well that s just the thing an OAuth token creates a relationship between those two services letting one use the other s resources You as the user are really only there at token creation time in order to agree that that relationship is OK after that OAuth doesn t care whether or not you re authenticated OAuth isn t about identity it s about resources and the authorisation to use those resources These concepts are closely connected but they re not the same and getting them mixed up can lead to gaps in security It s absolutely possible to do authentication with OAuth and it s people did before OIDC but you have to be very careful when implementing it For example it might be tempting to assume that a valid Access Token constitutes proof of identity After all the user had to authenticate with the OAuth identity provider in order for that Access Token to exist Unfortunately there are multiple issues with this approach One problem is that user authentication isn t the only time that Access Tokens can be created any client with a Refresh Token can create one This is in fact a fundamental design requirement of OAuth since it exists to ease the sharing of resources between services and shouldn t require user presence at all stages Another issue is that since Access Tokens are opaque to the client by design the third party service that receives the Access Token as proof of identity won t be able to get any information from it In fact the service won t even be able to inspect the token to verify that the user is who they say they are This is because the client isn t actually who the Access Token is for it s meant to be parsed by the OAuth Resource Server not the third party service itself OAuth isn t unusable for authentication but we can do betterIn the past we worked around all this by having the client follow the above OAuth Flow after which it would use the resulting Access Token to hit an endpoint on the Authorisation Server This endpoint often located at me would then allow the Authorisation Server to parse that Access Token and tell the Relying Party on which user s behalf it was issued But this is fairly roundabout and easy to get wrong for example when building a Relying Party you d need to make sure that you only used Access Tokens received directly from the Authorisation Server in order to mitigate the risk of a malicious actor using an ill gotten token to falsely authenticate What if we had something designed for the purpose We d need a token that s only created at authentication time and is designed to be parsed by the client That s what OpenID Connect does What is OpenID Connect The key thing that OIDC provides is the idea of an ID Token a token designed to be used as proof of OAuth identity for consumption by the client service ID Tokens unlike Access and Refresh tokens have a specified format they re constructed as JSON Web Tokens or JWTs JWTs are JSON payloads which are then cryptographically signed by the issuer This means that they re protected from tampering but they can still be parsed by the recipient The flow for a user authenticating with a Relying Party using their OAuth Identity then looks like this You the Resource Owner visit the Relying Party with which you want to authenticate The Relying Party sends you to the Authorisation Server s authorize endpoint along with a request for one or more tokens At this point the Relying Party can request either an ID Token on its own or an ID Token and an Access Token You authenticate yourself with the Authorisation Server The Authorisation Server then mints the tokens that the Relying Party requested and sends them back to the Relying Party The Relying Party can now decrypt the ID Token and use it to verify your identity and authenticate you If the Relying Party also requested an Access Token it can then use this later to get more user information about you from the Authorisation Server by using it to hit a userinfo endpoint Note that the Resource Server isn t involved at all The only resource you re trying to share is proof of your identity and that s solely the domain of the Authorisation Server In reality the ID Token is quite different to the Access and Refresh Token types It isn t meant to be used by the Resource or Authorisation Servers it s just a record of the authentication event that occurred when the user logged in to the Authorisation Server But that s all that the Relying Party needs in order to know who you are If the Relying Party also wants to know extra information about you then it needs to request an Access Token which has the relevant scopes for example email and address and it can do this at the same time as mentioned in the flow above It might seem like one could just use the userinfo endpoint to use OAuth itself for authentication but that endpoint is in fact something that s defined by the OIDC spec and isn t required for OAuth OIDC and securitySo how can this all go wrong Well there are a few different ways including the following The OAuth Authorisation Server wrongly grants tokens to a malicious third party An Access Token created for a legitimate Relying Party makes its way into the possession of a malicious entity enabling it to masquerade as that Relying Party The Relying Party receives and trusts a token that was actually created by a malicious entity In order to address the first problem a Relying Party needs to have an existing relationship with the OAuth Identity Provider before it can use OIDC to authenticate its users This involves the Relying Party being registered with that OAuth Server and having a client ID and a client secret That identifying information is then included whenever the Relying Party makes a request for tokens so that the OAuth Server can be sure that the request is legitimate Of course this means that that ID and secret need to be stored securely by the Relying Party for instance all API calls using them should be made from a server rather than a user s browser The second possibility could come about in a couple of ways either the Access Token is intercepted in transit or it s leaked to external parties by the legitimate Relying Party To avoid the first of these all the API calls should be made using HTTPS so that all the traffic is encrypted and can t be inspected by any onlookers To avoid the second problem it s important that the Relying Party should always treat Access Tokens securely and this includes only ever using them in a server and not in the user s browser just as with the client ID and secret The third problem is largely prevented by the fact that ID Tokens are JWTs which are cryptographically signed by design If however the OAuth Authorisation Server isn t signing its JWTs which it should then this vulnerability can be mitigated by the Relying Party only ever trusting tokens that result from a direct API call It can also verify the tokens it receives by sending them to the Authorisation Server s introspect endpoint which will tell the Relying Party whether or not a given token is valid Using OpenID Connect in your web appsSo what do you need to do in order to enable OpenID Connect authentication for your web apps Well you need your web app to be able to make the appropriate API calls to your OAuth Identity Provider of choice making sure you ask for the right kind of tokens and for your app to be able to safely handle the responses it gets Unfortunately this can be pretty fraught because you need to be certain that you re doing everything correctly at every stage of the process or else you risk falling foul of some of the vulnerabilities we discussed above However once it s set up you get all the benefits of SSO Anvil apps come with several ready made options for using OIDC based SSO several OpenID Identity Providers such as Google and Facebook are already configured It s nice to know about tokens but you don t have to Enabling SSO for your users is as simple as using Anvil s built in User Authentication service and ticking a single checkbox Easy More about AnvilIf you re new here welcome Anvil is a platform for building full stack web apps with nothing but Python No need to wrestle with JS HTML CSS Python SQL and all their frameworks just build it all in Python Try Anvil for free |
2022-04-08 14:11:35 |
| Apple |
AppleInsider - Frontpage News |
Daily deals April 8: $300 off Asus ROG Gaming Desktop, $416 off Zotac GeForce RTX 3080 Ti Graphics Card, $70 off Samsung Galaxy Buds Pro, more |
https://appleinsider.com/articles/22/04/08/daily-deals-april-8-300-off-asus-rog-gaming-desktop-416-off-zotac-geforce-rtx-3080-ti-graphics-card-70-off-samsung-galaxy-buds-pro-more?utm_medium=rss
|
Daily deals April off Asus ROG Gaming Desktop off Zotac GeForce RTX Ti Graphics Card off Samsung Galaxy Buds Pro moreFriday s top deals include off an Asus ROG Gaming Desktop off the Zotac Gaming GeForce RTX Ti Graphics Card Samsung Galaxy Buds Pro for and much more ASUS ROG Gaming Desktop Zotac Gaming GeForce RTX Ti Graphics Card and Samsung Galaxy Buds Pro are on sale today Every single day we scour the internet in search of the best tech deals available including discounts on Apple products tax software and a variety of other items all to help you save some cash If an item is out of stock you may still be able to order it for delivery at a later date Many of the discounts are likely to expire soon though so act fast Read more |
2022-04-08 14:19:38 |
| 海外TECH |
Engadget |
Halo Infinite's delayed second season starts on May 3rd |
https://www.engadget.com/halo-infinites-season-two-release-date-140453875.html?src=rss
|
Halo Infinite x s delayed second season starts on May rdMicrosoft and Industries have revealed that season two of Halo Infinite will get underway on May rd The season which is called Lone Wolves will herald the arrival of fresh arena and Big Team Battle maps more modes including Land Grab and free for all elimination in Last Spartan Standing and limited time events There ll also be a new battle pass that won t expire and a slew of other updates Season two was initially supposed to arrive three months after the game s launch That would have been February or March depending on whether Industries defined the launch date as mid November when the multiplayer component debuted or December when the full game was released However in November the studio said season one would run until May What s more fans will need to be a bit more patient for the arrival of the long awaited campaign co op mode That was originally supposed to be available at the start of season two It will emerge sometime later in the season Forge mode which allows players to create custom games with map modifiers and unique rules is still slated to arrive in season three At least players will have new maps to learn and more game modes to master in the meantime |
2022-04-08 14:04:53 |
| 海外TECH |
CodeProject Latest Articles |
Fusion Development for Sales Apps Part 1: Building a Power App |
https://www.codeproject.com/Articles/5329181/Fusion-Development-for-Sales-Apps-Part-1-Building
|
Fusion Development for Sales Apps Part Building a Power AppIn this article we demonstrate how a citizen developer could create a Microsoft Power App with low code to lay out a proposed business solution s essential functions |
2022-04-08 14:29:00 |
| 海外科学 |
NYT > Science |
SpaceX and NASA’s First Private Launch to the Space Station: Live Updates |
https://www.nytimes.com/live/2022/04/08/science/axiom-nasa-spacex
|
axiom |
2022-04-08 14:46:16 |
| ニュース |
BBC News - Home |
Ukraine: Six weeks of devastation and defiance as world grapples with the crisis |
https://www.bbc.co.uk/news/world-europe-61027292?at_medium=RSS&at_campaign=KARANGA
|
bowen |
2022-04-08 14:29:05 |
| ニュース |
BBC News - Home |
Akshata Murty: Chancellor's wife could save £280m in UK tax |
https://www.bbc.co.uk/news/business-61041926?at_medium=RSS&at_campaign=KARANGA
|
inheritance |
2022-04-08 14:38:12 |
| ニュース |
BBC News - Home |
Holocaust memorial: Planning permission for Parliament monument quashed |
https://www.bbc.co.uk/news/uk-61038593?at_medium=RSS&at_campaign=KARANGA
|
permanent |
2022-04-08 14:52:55 |
| ニュース |
BBC News - Home |
Israeli PM vows no limits after three killed by Palestinian attacker |
https://www.bbc.co.uk/news/world-middle-east-61021186?at_medium=RSS&at_campaign=KARANGA
|
israeli |
2022-04-08 14:29:00 |
| ニュース |
BBC News - Home |
Boris Becker guilty of four charges under Insolvency Act |
https://www.bbc.co.uk/news/uk-61043018?at_medium=RSS&at_campaign=KARANGA
|
unpaid |
2022-04-08 14:23:25 |
| ニュース |
BBC News - Home |
Ukraine war: Putin's daughters targeted by UK sanctions |
https://www.bbc.co.uk/news/uk-61038122?at_medium=RSS&at_campaign=KARANGA
|
maria |
2022-04-08 14:22:29 |
| 北海道 |
北海道新聞 |
NY株、もみ合い |
https://www.hokkaido-np.co.jp/article/667474/
|
工業 |
2022-04-08 23:34:00 |
| 北海道 |
北海道新聞 |
四国電力、初の出力制御実施へ 再エネ事業者に発電停止を要請 |
https://www.hokkaido-np.co.jp/article/667430/
|
風力発電 |
2022-04-08 23:19:45 |
| 北海道 |
北海道新聞 |
日ロ、サケ・マス漁業交渉へ調整 来週開催案、経済制裁で難航も |
https://www.hokkaido-np.co.jp/article/667469/
|
経済制裁 |
2022-04-08 23:26:00 |
| 北海道 |
北海道新聞 |
攻撃で崩れたウクライナの大学 室工大・清水教授へ動画「悲惨さ伝えて」 |
https://www.hokkaido-np.co.jp/article/667464/
|
室蘭工業大 |
2022-04-08 23:21:49 |
| 北海道 |
北海道新聞 |
ギタリストの中川イサト氏死去 「フィンガーピッキング」の名手 |
https://www.hokkaido-np.co.jp/article/667465/
|
中川イサト |
2022-04-08 23:17:00 |
| 北海道 |
北海道新聞 |
神3―広3(8日) 延長十二回引き分け |
https://www.hokkaido-np.co.jp/article/667463/
|
引き分け |
2022-04-08 23:08:00 |
| 北海道 |
北海道新聞 |
石川県で震度4、人的被害なし 能登震源、津波の心配なし |
https://www.hokkaido-np.co.jp/article/667459/
|
人的被害 |
2022-04-08 23:03:20 |
コメント
コメントを投稿