Single responsibility principle

Single responsibility principle

The single responsibility principle (SRP) tells us that each module, class or even function should have one single responsibility It means that every class, or similar structure, in your code should have only one job to do. Everything in the class should be related to that single purpose. It is a simple and intuitive principle, bu it is sometimes hard to get right.

A lot of us developers seem to have an ill adjusted intuition for when it’s time to restructure our code. It’s far too easy to convince ourselves that we’ll go back and clean up at a later time. I convince myself about that a lot more often than I actually go back and refactor something.

We also seem to have an even worse intuition for what type code code that will be easy to maintain in the long run. A lot of us (again, that includes myself) gravitate towards code that pack too much functionality into one place. We tell ourselves that it’s a quicker way to get the job done.

However, there’s a price to be paid for going to quick at the beginning and that price is almost always that you go gradually slower and slower. The very things we did early on to increase speed has a huge risk of slowing us down in the long run.

The point with the single responsibility principle is to help us get things (more) right from the start. The SRP tells us to take the time up front to design our code in a way that helps us in the long run. Each group of functionality into it’s own encapsulated and isolated class or module. Don’t mix  and match apples with rocket ships.

Single responsibility principle leads to Cleaner code

As with many things, you can take the single responsibility too far. It does not mean that your classes should only contain just one method. There may be many members as long as they relate to that single responsibility. It may be that when the a change occurs, multiple member functions of the class have to be updated. It’s even quite likely in many cases.

But the SRP does mean that we should try to separate code that might change for different reasons. A class that could change both because we want to modify front end HTML color scheme OR because we need change authentication method is most likely violating the SRP.

Working with the SRP is likely to have a  tremendous effect on your code. You are going to get more but smaller classes in your design. Each of those classes will be a lot cleaner since they’re only concerned with one thing.  You’re also going to have to be more diligent with how you name your classes and if you’re OK with letting go of PHP 5.2 (you should) you are going to benefit from using PHP namespaces and folders. You’re also being forced to think more about how each class interacts with the others since everything isn’t just available in the same class or even namespace any more.

A well thought out system design where classes are logically organized in folders  and where each class is  tightly focused on a single purpose sounds kind of appealing, doesn’t it? It also sounds a lot like what we call clean code.

(and clean code tends to be more testable and maintainable).

Finding the balance: Class Employee

There’s a classical example used to explain the only one reason to change idea, a class used to represent an employee in a system. The questions we’re supposed to ask is if it’s OK to have both functions to calculate the employee’s salary (business logic) and a set of functions that reads and writes employee objects to the database (persistence)?

 

The answer according to the SRP is no, the employee class should not mix business logic with persistence functionality. There are at least two reasons for the employee object to change, the first reason would be if we want to change the method used to calculate salary. The second reason to change would be if we decided to modify the database schema. Therefore according to the SRP, we should design our system with one class for employee business logic and another class for employee persistence. Different reasons for change means different classes.

But in a WordPress situation you could argue that this is a little bit over the top. Imagine a WordPress plugin that adds the custom post type to implement the Employee object and a third party tool like Advanced Custom Fields to define the various extra fields. We could still split the functionality in to two classes, one for business logic and one for database persistence.

The persistence mechanisms for a custom post type are largely decided by functions provided by the WordPress core and in this case, Advanced Custom Fields. Isolating persistence into an EmployeePersister class would simply mean that we create an additional layer between the WordPress database functions and the rest of our code. WordPress wraps the MySQL functions into an API and then we come along and wrap that API in another API. Does is make sense to create a separate class for 4-5 lines of code?

Well, it could make sense. If already know that we want to provide a Drupal version of that same plugin. Or perhaps we want to move away from using a custom post type to using our own database tables instead. If any of those two changes are actually realistic, we should go ahead and put the persistence specific code in a separate class.

But if you’re reasonably certain that such changes will not occur, then you can probably safely use the one Employee class for both types functions.

But then again, it could turn out that loading and saving the Employee internal state requires a lot of additional logic that is subject to change at a later time. In that case following the SRP and create a separate EmployeePersister class makes sense.

Applying the SRP requires us to find a balance between strict design and some sort of manageable reality.  If we try too hard to look into the future and foresee every potential change, we’re probably going to end up with things we’re never going to need  (YAGNI) which is bad in itself.

The opposite

One way to understand the SRP is to consider the very opposite. A god-object, sometimes also called a god-class.  We say that we have a a god object (or function) when a lot or even all of our code ends up in one really big class with lots methods, complex internal state, tons of dependencies and lots of responsibilities. Think of this one class as the god of your system, everything depends on it and it depends of nearly everything else. Even if the term god-object typically means the main class file of a system, god-objects are found in sub systems as well. In WordPress we can see an overall well designed plugin have local god-objects for certain things, I’ve seen a lot of Widgets implemented as de-facto god-objects.

The god object is a well known anti pattern (a common solution seen in system design that is usually ineffective and risky). A god-object often turns in  to a maintenance nightmare, are difficult to debug and nearly impossible to test using standard tolls such as PHPUnit. We should avoid them.

A few signs that one of your classes might be trying to do too much:

  • Your class is very long. If your class grows a lot beyond 1000 effective (not counting comments and white space) lines of code, you can probably split it into smaller classes with more distinct responsibilities
  • One or many of the methods in your class grows beyond 100 effective lines of code.  Large functions can usually be broken up into several smaller functions.
  • The total number of methods (excluding getters and setters) grows too far beyond 25. This depends a lot on the specific class, but too many functions is an indication that your class is doing too many things.
  • Your class declares a mix of static functions and instance functions. This is needed in some specific cases like to implement the singleton pattern. But if there’s a mix of static and non-static functions it usually means that the static functions has nothing to do with the object state and therefore could have been refactored into a separate class.
  • Your class has functions that outputs HTML or CSS code directly (example).  Following the SRP, a better option would be to separate HTML snippets and entire pages into their own files.
  • Your class constructor have side effects on global state (state that is not part of your actual class). Typically via calls to add_action or add_filter (same example). This makes it a lot harder, sometimes impossible, to write unit tests for your class.
  • Your main class file can’t even be included or required into a stand alone script without first loading WordPress.  This is typically seen in cases where a developer mixes a class definition and old school procedural code into the same module. So that even loading that class have the side effect that a piece of procedural PHP code gets executed (same example again)

If your code does more than one of the above things there’s a chance that you will get long term benefits from splitting your class into smaller ones.

A great tool to get you started with analyzing your code is the PHP Mess detector. It’s a static code analyzer that checks your code for a number of metrics including the size of your classes and functions.

Example: The WordPress plugin boilerplate

A very pragmatic thing to do is to look at the specific real life case with a WordPress theme or plugin. A good place to look at is the WordPress plugin boilerplate written by Tom McFarlin’s WPPB foundation plugin (now maintained by Devin Vinson). It’s a foundation that many WordPress plugin are based on and it provides a good starting point of how to apply the SRP in a WordPress environment. From a birds eye perspective, the boilerplate is organized like this (lots of details excluded):

WORDPRESS PLUGIN BOILERPLATE

The main plugin file serves to bootstrap the rest of the plugin. It’s the only file that WordPress core really knows anything about and it’s what gets included in at every request to the server. The main job is to load the main class and hook it up to the WordPress init function.

The includes folder is where all common code is placed, including the main plugin file. Note that there are separate PHP modules for plugin activation and deactivation, each with a single responsibility. The boilerplate even uses a separate module to register all WordPress actions and filters needed by the plugin.

The admin folder is for all code that is related to the admin dashboard pages needed by this plugin. The one thing to note here is that the boilerplate encourages us to keep functionality in the main admin class but everything that renders HTML in a separate views folder (it’s actually called “partials” in real life).

The public folder  has the exact same structure as the admin folder, but it’s intended for functionality and views that are used on the front end.

This basic structure of classes and folders provides an idea about how to separate different things into different folders and classes. Naturally, once you decide to base your plugin on this boilerplate, you will have plenty of opportunity to violate the SRP within this structure. Jamming all vital functionality into the main plugin class takes you right back to an evil god-object.

Look at the boilerplate as a starting point, as  soon as your plugin gains in complexity, it’s your job to ensure that the code you add doesn’t pack too much into one place. Be generous with creating additional classes and make sure that similar functionality is keps grouped together and well isolated. Consider what types of reasons that could drive change in your project.

(note: There are some aspects of the plugin boilerplate that I think could be done differently to work better with other SOLID principles. Especially regarding dependency injection, but that’s a topic for another post)

Over to you

Do you have a specific question or do you just have something to add? Let me know in the comments below.

The SOLID principles and WordPress

SOLD WordPress

There are no shortage of acronyms in the field of computer programming. Some of those acronyms might come and go like a one hit wonder, others are here to stay. Robert “Uncle Bob” Martin first introduced the SOLID principles in the early 2000s and they’ve been around ever since. It’s an evergreen.

First they were just called “the first five principles” and is a collection of ideas brought forward by Robert Martin himself as well as other computer scientists before him. Just a few years later Michael Feathers came along and dubbed them SOLID which makes them a lot more fun and absolutely more  memorable.

Uncle Bob argued that by sticking to these 5 “first” principles of software design, a system will be much easier to maintain and extend over time.  Code that is written in adherence with the SOLID principles typically also turns out to be very clean and much more testable than code that violates them. If that’s not enough to pique your interest about a soon to be 20 year old set of ideas,  I can reveal that the SOLID principles have stood up well against the tests of time.  Each of the five principles are still very relevant and can help us write better code.

S.O.L.I.D

SOLID stands for:

As with most things in life, there’s a balance between being dogmatic and pragmatic, between being short sighted or planning for the long run. In a series of five posts, I’ll be talking about the five principles and how they can help us write better WordPress themes and plugins.

Knowing about and understanding the SOLID principles isn’t a guarantee against unclean or bad code. Think of the principles as something to lean on whenever you’re trying to work out how to design your code.In my own work, I often find that the cause of a messy code problem is a bad overall design. Solving the design issues typically makes the coding part much easier.

So if you ever find yourself going too slow through a project because it has become too complicated, you could take a step back and consider the SOLID principles.  They might be just what you’ve been looking for.

The first one is just out, read all about the single responsibility principle here.

Code smell

Immobile code

Code is immobile when parts of the code that could have been useful in another place can’t be reused because it’s tangled up in some other part of the code.

Rigid code

Cascading changes. Code is rigid when it’s difficult to change because a small change in one place triggers the need for another change in a seemingly unrelated place of the code. The more cascading changes that occurs and the more modules or classes that get affected, the more rigid the code.

A typical example in PHP is when a code in several places refers to array elements by their numerical index, assuming that the array will always have the same fixed number of elements. If some code is changed so that the array is constructed differently, any statement that refers to a numerical element in the array might break. A change in one place leads to a lot of changes in other places.

Note that code can be both fragile and rigid at the same time.

Fragile code

Code is fragile when a small change in one place causes the several other parts of the system to stop fail. Fragile code tends to be difficult to change without introducing lots of new bugs. As soon as one bug is fixed, a slew of new and conceptually unrelated bugs appear. An common cause of fragile code is when it makes can be that the code makes assumptions about the time zone in a way

Note that code can be both fragile and rigid at the same time.

 

FAQ – Testable code

Q: Creating all objects in a DI Container up front seems expensive, what about performance?

A:

Yes and no. Even if most DI containers do support lady loading in various forms, an instance injected into another object still requires to be created first. And sure, there’s a risk that objects get created even if it wasn’t strictly necessary. On the other hand, if you constructors so that object creation is as cheap as possible, this problem might not even be a problem. As a general rule, creating an object should have no for few side effects. In the Hello Testable sample code, an obvious enhancement would be to let the Lyrics object defer loading the text file until it’s strictly needed.

Q: In the original post you kind of describe Interfaces but you never actually use or even mention them. Why?

A:

I agree, the relationship between the main plugin class and the Lyrics class can be made stronger and more formal by defining an Interface and requiring that the object passed into the main plugin class constructor implements that Interface. The only real reason I didn’t do that the original post already tried to stuff too many concepts into a single piece as it was.

Q: If I implement my plugin like you suggest, another developer wont be able to use remove_action to unhook my code. That’s a big problem

A:

Agree, this is an issue. My solution to this is to provide a static method to the needed classes (just the main plugin class in the Hello Testable sample) so that an external piece of code can get a hold of the correct instance for this purpose. I will add a separate post about this when time permits.

WordPress plugins, PHPUnit, WP_Mock and a few important principles

Hello Dolly

I’ve had this post in my head for quite some time now, but I’ve never really found the time to write it. But then a few days ago, Tom McFarlin wrote about how we should avoid calling add_action and add_filter in a class constructor, something I obviously agree with. From some of the comments on Toms post, I realized that some concepts of OOP and writing testable code deserves some additional explanation. I tried to write a comment reply to cover some of the basics, but quickly realized that it’s better to actually get this post out the door.

Not that Tom didn’t do an excellent job with his part, just that I think that we could zoom out a little further so that we more pieces of the puzzle. To get that complete perspective, let’s introduce the star of this show…..

 

Introducing testable Hello Dolly

With the risk of choosing a too simple example, I’ve created an object oriented version of the classic Hello Dolly plugin, originally written by Matt Mullenweg.

My version is simply called Hello Testable and demonstrates a few of the things I tend to emphasize while writing high quality code for WordPress. The main objective is to show how WordPress plugin code can be made testable and more maintainable by following a few simple principles. Hopefully, I also successfully explain why “testable code” is not just something you fix towards the end of a project, it’s something you should have in the back of your head all along the way.

All the code for this post is available at GitHub. Most interesting parts of the code will be repeated in this post, but for reference and completion you might still want to have a look.

Excuses in advance

Before working with WordPress, I’ve spent a lot of time working with other PHP projects. As a result, I tend to write PRS2 style code rather than follow the WordPress code style guidelines. I’m terribly sorry about any confusion this may cause. Some day I will get in line with the rest of you.

Plugin flow

Before going into details and trying to make the case for my approach, let’s look at what happens when the Hello Testable plugin runs.

Hello Testable flow pt1

 

In the first part, the plugin bootstrap file gets included (1) by WordPress core as you’d normally expect. But instead of directly creating our main plugin class (this is an OOP version, right?) an instance of a Dependency Injection container is created (2). Once we have a container, the bootstrap file asks the container to give it an instance of the helloTestable class (3).

But there is a little caveat. The main plugin class constructor expects that an instance of a Lyrics object is passed in as a parameter. The container object knows this, so it goes about and creates a Lyrics object first and then uses it to create the main plugin class instance (4). This knowledge about how to create other objects is represented in the RuntimeProvider class.

Once the bootstrap function get’s the main plugin class instance back (5), it tells WordPress core that the init function of the class should be hooked up with the WordPress ‘init’ action (6). A little later, when all other plugins had their chance to load, WordPress core will come back and actually call the init function on the main plugin class (7). The init method will in turn hook up two other functions, echoLyric and echoCss to be called by WordPress in response to the ‘admin_notices’ and ‘admin_css’ events, this is not shown in the image above.

And even later when WordPress is ready to render the page, core is going to come back and actually fire the ‘admin_notices’ and ‘admin_css’ events. This is what that parts looks like:

Hello Testable flow pt2

As you can see, at this phase the bootstrap file and the container class has nothing to do with the flow. This is just the normal WordPress flow as you’d expect. A piece of css is echo’ed out and a little bit later, a piece of html follows.

Plugin design

The original Hello Dolly plugin uses the simplest imaginable plugin design. A single PHP file that does everything. My plugin follows a rather different approach:

Hello Testable overall design

The point of introducing the dependency injection container is that we get a distinction between creating an object and using an object. For anyone asking why, the easy explanation is that this is what you get if you want your classes to have zero dependencies, for a more in depth answer: read the rest of this post.

In this design, all dependencies are concentrated to the bootstrap module (a simple php file) and the Runtime provider class. The Main plugin class and the Lyrics class doesn’t have any dependencies on any other named class. And by concentrating the amount of dependencies to a single place (ok, two places) we end up with a class design that lends itself well to unit testing. More on that later.

Some formal background

So I’m suggesting an overly complex approach to solving a problem that Matt Mullenweg solved in roughly 80 lines of code years ago. Why? Well, obviously I’m doing this to show you something important and to begin explaining what that is, I first need to mention three (and a half) quite important topics in software design, namely:

Reducing tight coupling and dependencies

When we write code in a module or class that has strong dependencies on other classes and modules, we end up with tightly coupled code, or code with a lot of internal or external dependencies. The way we have written software in the WordPress community has over the years led to a lot of very tightly coupled code.

The problem with tightly coupled code is that we make a simple change in one place, we often get ripple effects that ends up affecting code in lots of different places. It also makes code reuse a lot more difficult. When the code in one class makes explicit assumptions about the mere existence of another class, our first class has a dependency of that other class. As you can imagine, this is quite common in WordPress, we have lots of dependencies everywhere!

As a rule of thumb, anytime you use the new keyword or call a static member of another class, your current class has a dependency on that other class and it’s worth examining if it’s avoidable. The same thing is also true if you ever call a non internal php function in the global namespace, that’s also a kind of dependency. Avoiding global functions is obviously going to be tricky in a WordPress environment and as we shall see later, globals do make our job a bit harder once we get to writing tests. In the WordPress world, we’re going to have to live with global functions for a long time, but there’s no need for us to add more global functions into our own plugins and themes.

Dependency inversion principle and dependency injection

Dependency inversion principle offers a solution to the problem of tight coupling. At the practical level, it simply means that instead of letting code in a class explicitly refer to other classes and create new objects that it needs, we should get those objects passed in to it before they are needed. A class could accept the needed objects via its constructor or via getters and setters, the how is not as important as the why.

As most people figure out, if we pass in all objects to our class via some mechanism, we still need to instantiate those objects somewhere. In a simple application, we could create all needed objects as part of a simple bootstrap function. When the class structure gets a little bit more complex, we could use a dependency injection container as a practical way to manage the object creation in one single place. By adding a dependency injection container to our solution we get an excellent tool for avoiding tightly coupled code.

Separation of concerns

The third principle is about separation of concerns. We should strive for code that keeps each module and class to be as lean as possible. This has many advantages. First, we avoid ending up with a ‘god class’ or ‘god object’, a large do-it-all piece of code that keeps track of everyone and everything. A god class (or worse, function) is a known anti pattern and deals with application control flow, it reads and write files, it encapsulates configuration and usually a 100 or so other things. God classes are often a mess to maintain and debug or even understand just a days after implementation. It’s better to divide the code into smaller, single purpose classes where each class has a distinct responsibility.

The second advantage with separation of concerns is that it promotes reusable code. Chances are that once we’ve put everything that has to do with i.e. reading and writing settings into a separate class, it’s a whole lot easier to reuse that code in other classes.

Avoid side effects

The last topic is picked up from the PHP Framework Interop Group standard PSR1. Section 2.3. It states that loading a module should either declare things (classes, constants, functions etc.) or it should execute logic. It should never do both. I’m sure there’s a non-PHP specific computer science name for this principle, but I’m going to be honest and tell you that my main reason for thinking this is important is because it makes my life as a PHP coder easier.

Hello Testable implementation

Having these concepts in mind, let’s look at the implementation of Hello Testable and how hopefully some of the design decisions I’ve made starts to make sense. First, let’s look at the bootstrap function in hello-testable.php:

The role of the bootstrap function here is to kick of the process of setting up our plugin. It’s called as a side effect when WordPress includes our plugin file.

First we’re trying to exit early from ajax requests since we’re not dealing with ajax.

Next, we’re checking that we are on a new enough version of PHP, this deserves a comment. To make everything work as we need, we’re going to use auto loading and namespaces through the magic of Composer and 5.3.9 is the earliest version Composer will run on. While it’s theoretically possible to get our job done without it and make the code PHP 5.2 compliant, I happen to think that it’s reasonable to skip 5.2 support. Someone else has already built a well supported and fully functioning package manager (Composer) with auto loading and namespace support that the rest of the PHP community adopted years ago. It makes sense to use it even if it’s at the expense of those poor souls who are still maintaining WordPress on PHP 5.2.

I’m sure all 5.2 users are happy that WordPress still runs on their 11 year old web servers that hasn’t been supported for the past 6 years, but I think it would be unreasonable for them to expect that all new code written for WordPress will.

Line 21 is where the fun stuff starts, we’re creating an instance of a Container and on the next row we initialize the container using our own RuntimeProvider class.

Some of you might notice that I’m creating an instance of Pimple (a well known 3rd party dependency injection container) but it appears that Pimple is part of our own, plugin specific, namespace. Isn’t that weird since we’re using Composer and all? Well, yes and yes. I have made a copy of Pimple and made it part of our own code base. And yes, in an ideal world this is exactly the kind of thing that Composer could help us avoid. The problem here is WordPress.

As described in this post, it’s not really safe to include 3rd party libraries via Composer into a plugin or theme for several reasons. In order to safely take full advantage of Composers package management, WordPress would need to have a centralized vendor folder where all 3rd party libraries reside. As things stands right now, another plugin in my WordPress installation could already be using an incompatible version of Pimple and if that’s the case, my plugin would break. So for now, we should be very careful with including 3rd party libraries via Composer into WordPress themes and plugins, especially if we intend to distribute them. Making a local copy of Pimple and renaming it’s namespace is a pragmatic solution to this problem and Pimple has a fairly small implementation so it’s not that expensive anyway.

Next, our bootstrap function asks the dependency injection container for an instance of the main plugin class and then lastly hook the init function up to the WordPress init event. Note that we’re explicit here, we first create the instance of the main plugin class, then we’re explicitly calling add_action. There’s a reason and we’ll get back to it when we look at unit tests for this class.

Also note that this module actually violates the side effects principle, it obviously defines a constant as well as two functions and it certainly executes some logic. My honest opinion is that it’s OK to violate that principle (and a few others) in the bootstrap module, but that’s about the only place it’s OK. I’m sure a lot of pragmatic people will agree, if you don’t agree, please let me know in the comments below.

RuntimeProvider.php – initialize the container

The role of the RuntimeProvider class is simply to initialize the Pimple container:

This is standard Pimple setup where we tell the container how to provide objects of the different classes we’re going to use. When the bootstrap class initializes the Pimple container, the code in the RuntimeProvider::Register is executed. Pimple promotes lazy loading, so it’s not until anyone actually wants a Lyrics object that the closure function will be executed and a Lyrics object is created. In our little sample, we have little use of lazy loading since all objects will be created at plugin load time. But it’s worth mentioning that this approach doesn’t always mean that all objects are always created at plugin load time since it’s a common misconception. It will simply depend a little bit on your code at large.

The Lyrics class constructor takes a file name as parameter and the main plugin class, helloTestable, wants a Lyrics object as parameter to the class constructor. Pimple will resolve the dependency between helloTestable and Lyrics so that when we ask for helloTestable, a Lyrics object is created on the fly.

Lyrics.php – Fetching lyrics

Consistent with the principle of separate concerns, the main plugin class doesn’t concern itself with reading lyrics, we’ve put all the lyrics related code into a separate class. Also note that the Lyrics class doesn’t even know anything about the song Hello Dolly, it just happily accepts the path to an external file to parse.

(note, this has some security implications since anyone with write access to the server could replace the content of the file with something dangerous, it can be mitigated but that’s outside the scope of this post)

If you have seen the source of the original Hello Dolly song, this should look somewhat familiar.

helloTestable.php – The main plugin class

The last class we’re going to look at is the main plugin class. We’ll do this function by function, first, the constructor:

Real life dependency injection!

This is a typical constructor in a class that uses dependency injection, the only real thing that happens is that we store the injected dependency into a private member variable. Apart from that, nothing and that’s exactly the intention. We don’t want the class constructor to fiddle with anything except it’s own internal state, creating an object should have no side effects on state anywhere else in our application.

Next, we know from looking at the bootstrap code earlier that after creation, the bootstrap function will hook up the WordPress init event to the init method of this class, this is where the class gets to do things that affects the state of anything external:

This should be very familiar WordPress code. Note that we hook up the events to instance functions rather than static functions that you also often see in WordPress code.

The two last functions should be fairly straight forward:

Both these functions are almost but not quite completely uninteresting. You want to note that the echoLyric function is where we use the Lyrics object that was passed in via the constructor earlier. It’s actually the only place in the main plugin class where we make any assumptions at all regarding the Lyrics object, the assumption that there is a function named ‘getLyric’.

This is a fine example of separation of concerns, the main class needs to know absolutely nothing about how lyric strings are created. In a later version of this plugin, we might want to change the implementation of Lyrics so that it reads 10 files with 10 songs and displays half of them backwards. Those changes would only affect the Lyrics class, the main plugin class would remain untouched. The other benefit from following the principle of separate concerns is that the Lyrics class is easy reusable. At some point we might want to get a lyrics string as part of an ajax call to WordPress, and if so, the Lyrics class is easy to reuse.

It’s also a fine example of minimizing dependencies. Back in the RuntimeProvider class, we could create any kind of PHP object we like and pass it as a dependency to the main plugin class, as long as that class has an function called getLyric(), our code will work just fine. We could implement a new class called HttpLyrics that fetches the actual strings from a http server somewhere, or a class called DBLyrics that uses a database table to get it’s lyric strings. The main plugin class will never know the difference.

Code complete – let’s test

With that, we’ve finished talking about the implementation and had a look at all the interesting pieces of code from an implementation perspective. We’ve already seen that while real life usage of some of these principles gives some additional overhead, they start to pay off quite quickly in that our code is nicely modularized and easy to extend.

When we now turn to writing unit tests, we’re going to see even more advantages pan out in real life. I fully understand that even if some of the design decisions I’ve made starts to make sense, I think you’ll see that some of them are more or less mandatory as we strive for fully testable PHP code.

First, a word about unit testing.

Unit testing means that we should test our code in the smallest possible executable units. In PHP the smallest executable unit is typically a function so what we want is to test each function individually. The challenge is that most function often calls other functions, sometimes in other classes and sometimes functions in the global scope. It can quickly become quite messy to isolate each function so that test only concerns that specific function.

This is where the idea of avoiding dependencies in classes, having code modules that loads without side effects and writing code according to the principle of separate concerns should start to sound a little bit more appealing.

We know from experience that WordPress uses a lot of functions in the global scope so it doesn’t really matter how good our own OOP design is, if we’re dealing with WordPress we’re going to have to deal with global functions. Also, some of those functions will interact with the database or make assumptions that other parts of WordPress is initialized. It becomes messy real quick.

In unit testing, the solution to this kind of mess is to work with mock objects and functions. If our code calls a global function like add_action, we can mock that function instead of trying to load the relevant parts of WordPress. Mock function and objects can if used correctly, enable us to fully test our WordPress plugin without ever having to load WordPress. Besides that good feeling you get when following some computer science dogmatic principle that also means that your unit tests can be executed super fast. And lets face it, if the unit test suite takes 2 seconds to complete, youre going to run them a whole lot more often than if it takes 10 minutes.

There are lots of mocking libraries for PHP and PHPUnit but the gold standard of mocking WordPress code is a framework from 10up called (surprise!!) WP_Mock. WP_Mock can be a little bit tricky to get started with so I hope that this post also serves to give a few pointers on how that can be done. But this is not a WP_Mock tutorial so let me know in the comments if you think that’s something you’d like to see as a separate post later.

Writing tests

Let’s dive in and look at testing.

First test class – LyricsTest.php

This test class is for testing the Lyrics object. It really only have one interesting method, the constructor will get test coverage as a side effect from running this test:

We’re creating an instance of our Lyrics class. But instead of giving it the standard lyrics for Hello Dolly, we’re passing in a file from the fixtures sub folder. This file just contains 3 rows, all beginning with the word line and a space. This makes it easier for us to write predicable assertions for this function.

Here we also need to use WP_Mock to emulate the WordPress function wptexturize. Remember that our unit tests should run isolated, so including the WordPress implementation of this function is not an option (if we did, we’d be writing an integration test). Our mock implementation of wptexturize just returns the same string but with a space and the word wptexturize added. This makes it easier to verify that our code ran as we expected, a neat little testing trick.

This is what a unit test for WordPress plugin code will often look like.

  1. We create our object as normal, we only need to pass in our known dependencies.
  2. We mock a couple of WordPress functions from the global namespace and then run our function.
  3. Then to round up, we verify that we got the expected result by running a couple of assertions.

Next up – helloTestableTest.php

When testing the main plugin class, we have to use a few slightly different approaches. First of all, the main plugin class init function deals with WordPress internals, it doesn’t really return any data that we can test with assertions. But we can test that the expected add_action functions are called. Here, we talk about setting up expectations for our code and then WP_Mock will verify that our expectations are met:

For this particular test, we don’t even need to bother with passing in a functional Lyrics object since we know that the init function won’t use it and the constructor will only store it, so we can pass in a dummy. Next, we tell WP_Mock that we expect to get two calls to add_action with different parameters. When we run the init method from our test case, WP_Mock will thrown an error if the expectations weren’t met. Since we don’t have any return data from add_action, that’s about the only quality assurance we can do on this code.

Now stop for a minute and ponder the original statement made in Tom McFarlins post about calling add_action in the class constructor. If our main plugin class had violated that principle, we couldn’t have written this test.

In order to set up the expectations for WP_Mock, we’d first need to have an instance of the class. But creating an instance of the class would have already have called the add_action function and we’d miss our opportunity to check for it. So if you’ve read this whole post just to find an additional argument for Tom’s statement, this is it!

Next step is to test the echoLyric function. When doing this, we’re again getting an advantage of the fact that our code so far has very few dependencies. All that function cares about is that it can call a function called getLyric() on a private member variable. We could pass in our already quite easily testable Lyric class and just feed it a predictable text file, but that wouldn’t be testing in isolation so we want to avoid it. Another option would be to use WP_Mock och PHPUnits support for mock objects, they both have good support. But I’m going to show you another testing trick that I use a lot, creating your own mock classes:

First the mock class (located in tests/MockObjects.php):

Then the actual test case code:

Two things to notice. With our mock test class, it’s easy enough for it to just return whatever we initialize it with, it just needs to implement the expected getLyric() function. Creating simple mock objects like this is often very helpful.

Second, the echoLyric function in our main plugin class echoes out directly to standard out so we don’t have any return value to test against. Instead we’re using PHPUnits expectOutputRegex function to ensure that the outputted text contains the string that we initialized the mock object with.

Let’s stop again and think about what this would look like if we had implemented the Lyrics object with static functions and we wanted to test echoLyric(). In that case, the class name ‘Lyrics’ would already be hard coded into the code of helloTestable.php and we’d have a hard dependency to work with. It wouldn’t have been possible to mock the Lyrics object in any sensible way and we would have to accept a test that wasn’t as isolated. We’d be stuck with our test case indirectly using the standard implementation of the Lyrics class and we’d also be stuck with any dependencies that in turn would have. For this simple plugin it wouldn’t be a big deal, but imagine if the Lyrics class fetched lyrics data over http from a very slow or unreliable host. Our test would then depend on that unreliable host.

The last function in the main class is the echoCss function. This function uses the WordPress global function is_rtl() that we need to mock. For good measure, we test both possible return values from this function. This is easy to do in WP_Mock by defining a ‘return_in_order’ element that will give different return values for the first and second time it’s called:

Last but not least – RuntimeProviderTest.php

The runtime provider only have one function and we’re just going to write one test case for it and it’s really straight forward:

Asserting that we get the right kind of object when asking the container is really the only thing that makes sense to test.

With the above tests in place, we should be able to run phpunit from the command line and end up with a coverage report like this:

Hello Testable coverage report

Conclusion

Some 4500 words after I decided to add a few comments and insights to a post by Tom McFarlin, here we are. The point originally made was that we should avoid calling add_action and add_filter in class constructors which is still very true. If you made it this far into the post, you hopefully also agree that it a good idea.

Hopefully you also agree that it’s a good idea to consider what happens when follow a handful rather simple and obvious rules of how to write code. Rules by the way that have been known in computer science community for decades by now. Follow them and you’ll end up with testable and maintainable code. And as always, once you know the rules and how they help you write better code, you may break them as much as you want because you understand the consequences.

While writing this I think I’ve left out more examples than I left in, there are tons of other points to be made, samples to be shown and arguments to be had. Please let me know what you got out of this. Questions or opinions alike, I’d love to hear from you in the comments section.

New tricks for the Checksum API

Dog with new trick

As a step in preparing for new features in Integrity Checker and wp-checksum, the backend API that powers the two packages has learned a new trick. Alternative hashes, a way of saying that a specific file may have more than one acceptable MD5 hash.

Why are alternative hashes needed?

Lots of WordPress plugins and themes sometimes has small changes made to them without the version number getting bumped. The most common example of this that the readme.txt of a plugin is often changed when a new version of WordPress is released.

The readme file contains information about the latest version of WordPress that it was tested with. This information is shown to users in the plugin repository and can be a vital piece of information before deciding to install a plugin. So it’s quite natural that after a new release of WordPress, plugin authors update the readme file to reflect successful testing on the new version. The content of readme.txt doesn’t change the plugin functionality at all, so it’s quite OK to update it without bumping the plugin version.

The problem is that an updated readme.txt forces the MD5 hash to change and both Integrity Checker and wp-checksum will see this as a sign of a modified file and alert the user. Integrity Checker (and soon wp-checksum) has the concept of a SOFT change and will flag a modified readme.txt as one. But the modified file is still shown and may cause concern.

It’s not too uncommon for plugin authors to modify other files without bumping the version number. We’ve seem a lot of different files get a lot of different modifications within the same plugin version number. Sometimes it’s a corrected typo, other times it’s a quite dramatic change.

The end result is that for any given official version of  a plugin or theme there may be multiple actual versions, one actual version for each commit into the WordPress repository.

 

How does alternative hashes help?

By having alternative hashes defined for a file, the clients that are using the API will have far fewer false positives. The contents of a file in your WordPress installation might differ slightly from what that same file looks like in the WordPress repository. But that doesn’t mean that your files was modified in a malicious manner, it might just mean that the plugin  author modified the file without bumping the plugin version.

For any type of security related software, avoiding false positives is a good thing for several reasons. Most importantly, it means that whenever a real modification is found, you are much more likely to take it seriously. Another benefit is to avoid causing uncalled for worries, the less experience a user has, the more likely he/she is to become overly worried about something that turns out to be a false positive. All in all, reducing false positives is a win.

Next steps

With the upgraded backend API in place, both wp-checksum and Integrity Checker now needs to get support for the added feature.  We expect to have both clients updated within a week. Having said that, we’re not 100% in control over when the updated version of the plugin in the WordPress repository will be made available since the repository maintainer has a stricter upgrade procedure in place these days.

Access to the API

For the majority of users, accessing the API is mostly done via one of the clients we provide, Integrity Checker and wp-checksum, but the API is public and to some extent free to anyone.  If you’re interested in developing your own client, please don’t hesitate to contact us for API keys as well as developer documentation.

Your thoughts

We’d be glad to hear back from you. Ping us if you want to know more about the API, get an API key or just to say hi. We’d be especially happy if you have any ideas on how to improve client functionality or if you want to contribute to the development.

Introducing Integrity Checker

integrity-checker-logo

I’m very proud to introduce the newest member in the WordPress Essentials family: The WordPress Integrity Checker plugin, or just Integrity Checker for short. Download it straight from the WordPress plugin repository or stay here and read more about it.

Integrity Checker is an admin plugin that will help you find potential security issues with your WordPress installation. It uses three different strategies to do so:

  1. Verifying file integrity by comparing the checksum of each file in WordPress core, plugins and themes against it’s original version
  2. Verifying file and folder permissions for all important WordPress files and folders
  3. Checking for some well known security problems related to WordPress settings.

File Integrity

Integrity Checker uses the same powerful technique and back end API as it’s older brother wp-checksum. It will go through all individual files in your WordPress core as well as all plugins and themes and compare the exact content of the file with the original version of each file. Any difference between your local version is reported back to you.

Issues in plugin
Integrity Checker reporting about suspicious issues in a plugin

Our back end database keeps MD5 signatures (fingerprints) of how each file looked in the WordPress official repositories at the time of it’s release. So even if you’re not running the latest version of every plugin, we’re almost always able to find the original version to compare to. What makes Integrity Checker (and wp-checksum) a little bit unique is that while many other tools can compare files in WordPress core, our back end API also covers plugins and themes (and even som premium plugins too).

Knowing that a file has changed is one thing. But Integrity Checker takes one more important step and lets you see a visual diff between your file and the original, making it extremely easy to understand what’s going on. Sometimes a detected change is just a few added spaces in a harmless place, sometimes it’s an outright security problem. Integrity Checker helps you tell the difference.

Showing a diff in Integrity Checker
Integrity Checker highlights the actual row that is different between the local version and the original version.

File Permissions

Another important aspect of WordPress security is keeping an eye on the permissions for all files and folders. WordPress.org has a very clear recommendation on what they should be and it’s easy enough to change. The only problem is that it’s quite difficult to determine what they actually are without using an external ftp or sftp client. Integrity Checker can scan all files and folder in your installation and report if any issues are found.

Permission issues
Integrity Checker reports about permission issues found in a WordPress installation.

Settings and related issues

The last tool in Integrity Checker is checking up on common problems caused by configuration and settings. While WordPress is mostly secure from out of the box, there are multiple things that we as users can get wrong and that compromises the overall security. This includes problems with:

  • Bad or weak database credentials (database)
  • Bad or non existing keys and salts (wp-config.php)
  • Lack of SSL security to protect the admin area (webserver)
  • Directory indexing allowed (webserver)
  • Old versions of core, plugins or themes (user related)
  • User enumeration (WordPress weakness)

By checking up on these common issues, Integrity Checker helps you highlight issues that you might have just forgotten or even didn’t know about.

Free for all, but with opportunity to contribute

Integrity Checker uses our powerful back end API to do a lot of its work. While we’d like to be all generous and give this away for free, we’d also like to find a compromise that works for as many users as possible and at the same time allows us to focus our time to maintain and enhance our products.

We’ve settled on a business model where small sites with a casual usage of either Integrity Checker or wp-checksum (the cli version) can use the back end api for free. When usage is scaled up with more frequent checks of more and larger sites, there is a cost associated with using the api.

As an anonymous user, you can query our API 25 times per hour(subject to change). We think (but would love your input) that this is sufficient for most small and medium sized WordPress installations with 20-25 plugins and a theme. There are some caching going on in the background, so repeated scans doesn’t always result in more queries to us. We create an anonymous user in our database and assign an API key to that user, that API key is sent back to your WordPress installation and stored in your database. You can see your API key in the About section in Integrity Checker as well as your current API usage.

If you are willing to share your email address with us, we increase that hourly quota up to 75 requests per hour(subject to change).

The API key’s can be reused between sites, so once you have registered with us, you can use that key on more than one site.

If you need more than 75 requests per hour assigned to one API key, you can purchase a premium subscription from this site

 

At last

We’re quite proud of this new offering and we’re hoping that other members of the WordPresser community agrees with us. Do you have a question or comment about Integrity Checker or wp-checksum, please let us know in the comment section below or on Twitter.

 

Finding compromised plugins in WordPress

Lots of code

I’ve just released version 0.1.2 of wp-checksum a new wp-cli sub command.

Wp-cli has been able to verify checksums of the WordPress core for some time now. This is a powerful command whenever you’re dealing with a site that might be hacked. With Wp-checksum, we bring the verification functionality to standard plugin and themes as well. Finding one or more of files in a WordPress installation that have been altered is a very serious warning signal. Having a tool that checks each individual file automatically is very powerful.

What does it do?

The tool will index every single file inside each theme or plugins folder and calculate a checksum for it. That checksum is then compared to the checksum of the same file of the original plugin code. Wp-checksum also detects new files that have been added to the plugin folder. Any plugin and theme that was originally installed from the WordPress repository can be checked.

The default output format is a standard wp-cli formatted table. But there are options to output as json, yaml or csv as well.

WP-checksum output

At this point, the wp-checksum command uses a centralized database that keeps track of all versions of all themes and plugins on the repo, accessible via an API.  Using a centralized database is not only beneficial for performance reasons, it also means that over time we should be able to include some of the most popular premium plugins in there.

It’s on Github

To install and try wp-checksum on your installation, head on over to github to read more and get the installation instructions.

 

WordPress Devops The Book. 2nd stint

Hi all,

Last September I released my first book on WordPress simply named WordPress DevOps. It’s a really long tutorial covering how you can adopt your WordPress development process to make WordPress play along nicely in a more mature development environment. You know. With a separate environments for development, testing, staging and production, testing, proper deployment scripts etc.

Right now I’m in the process of editing the book for a 2nd edition. It’s already changed a whole lot because since the first version I’ve spent a great deal of time developing a wp-cli command called WP Bootstrap that takes away lots of the gory details of managing the scripts needed. And I like to think that some of the feedback I’ve received will make the book explain some concepts better and to over-explaining some others. All in all, I think the 2nd edition will be a whole lot better.

But before I finish up this project, I’d really like to get your input on what You’d like to read more about in a book about WordPress development and DevOps. Please make your voice heard in the comments below or shoot me an email at erik@wpessentials.io Here’a few ideas to get you started:

  • Deploying to shared hosts (as opposed to a VPS with git and wp-cli installed)
  • Various deployment tools? Capistrano? Ansible (no idea if it’s a good idea)
  • More on testing. PHPUnit is a given, but how about WP_Mock? Full systems testing?
  • Working with Composer and WordPress?
  • More wp-cli tips and tricks?

PS.

Since I consider this being a 2nd edition, everyone that purchased the first version will get the free update. Customers who bought it via Leanpub will get the update automatically.  Did you buy it via Paypal? In that case we’ve got your email address already.

WP Bootstrap 0.4.0, now a wp-cli sub command

Dr Martens - spring edition

 

So, as this post is written, the test suite for WP Bootstrap 0.4.0 all turned green and a new version is about to get tagged and available via composer. This release is a big one. If you’re the least bit interested in managing WordPress in a proper deployment workflow, I think you should continue reading.

Selection_466

Tighter wp-cli integration

This is the first release of WP Bootstrap that is entirely intended to be used as a wp-cli sub command. That means that instead of using WP Bootstrap as a stand alone command (or via composer scripts), all WP Bootstrap actions are now sub commands of wp-cli. Where we’d previously would have typed:

$ composer wp-setup

We’ll now be typing

$ wp bootstrap setup

That might seem as a very small change and on the surface I admit it is. But underneath the hood it has meant a lot of changes like replacing almost all external calls to wp-cli via exec() to using the internal wp-cli methods. Since wp-cli comes with functions for logging, output formatting and most importantly, internal functions for running other wp-cli commands, a lot of code has been cleaned up and Monolog  as well as Phpleague CLImate was replaced with corresponding wp-cli functionality. Last but not least, WP Bootstrap now uses Pimple for dependency management because it’s one of the few with the same PHP version requirements as wp-cli itself.

Settings files with dotenv and Yaml

Previous versions of WP Bootstrap has used json files for both application and local settings. Since json is not really that suitable for configuration files they are now gone.

Environment specific settings was previously kept in localsettings.json but are now replaced with dotenv files. Most DevOps engineers are familiar with dotenv files and several provisioning and deployment systems has support for working with them. So one of the benefits of switching formats is that more engineers will recognize them. WP Bootstraps uses Vance Lucas implementation of dotenv which enables a very elegant way of overloading values from several dotenv files. By defining that we’re working in environment ‘test’, we can have WP Bootstrap first load values from the base .env file and if it exists, overlay with values picked up from .env-test.

A bigger change is that appsettings.json is now replace with appsettings.yml. The format is pretty much still the same and converting an old appsettings.json can be done in seconds using a service like JSON to YAML Online. The main benefit of switching to Yaml is that Yaml allows comments. For a configuration file that keeps on growing this is surprisingly important. Just like dotenv, Yaml files are already quite popular among a lot of DevOps engineers, probably because Ansible uses them. And the fact that wp-cli itself relies on Yaml made the decision quite easy.

Feature upgrades

There are a few new features, some of them technically saw the light of day earlier than 0.4.0 but haven’t been previously announced (besides in the change log):

Extensions

Yes, WP Bootstrap now supports having extensions that can react to actions and filters. An extension is just a PHP class that implements the method ‘init’. In the init-method the extension can hook up to a few filters and actions. The PHP class can be loaded using Composer auto loading or it can exist as part of a theme or plugin. WP Bootstrap just needs to know the name of the class and you just need to make sure it implements the init-method.

The use case for this is to provide a way to perform extra processing during export and import. For instance, we’ve written a WooCommerce extension that handles import and export of the custom database tables that WooCommerces adds to a WordPress install. I expect to find the time to write blog posts on this topic really soon because it opens up a whole lot of new use cases for WP Bootstrap.

Plugin dependencies

Another important new feature is the ability to define dependencies between plugins and themes. Some plugins (mostly) simply will not install correctly or at all unless some other plugin or theme is already in place. To mitigate this, WP Bootstrap now allows you to define which other themes or plugins that needs to exist before this one gets installed.

Performance

When importing lots of media files, WP Bootstrap would always regenerate all thumbnails. When dealing with hundreds or even thousands of images, this becomes very time consuming. WP Bootstrap now checks if an updated image was actually changed before generating the thumbnails again. In a similar way, in the setup phase, WP Bootstrap would try to reinstall plugins even if they were already installed. While wp-cli would refuse to do the actual work, the plugin file would be downloaded from the repo on every attempt which costs a lot of time.

Removed features

Since WP Bootstrap is now just a wp-cli command, there’s no real need for keeping the upgrade commands for themes and plugins anymore. For command line management of plugin versions, you are better of using the standard wp-cli commands instead.

Test coverage

Refactoring tests and using with WP_Mock

Code quality is still one of the most important aspects of WP Bootstrap development, so a lot of time was spent on refactoring code and making sure code coverage remains high. Tests are now divided into unit tests and functional tests. Unit tests uses WP_Mock and manages to get up to about 50% code coverage without even needing a proper WordPress installation or a database. It should be possible to reach near 100% coverage for the unit tests, but we’re not quite there yet.

The other half of testing is made using functional tests. The functional tests requires a WordPress installation to work. Generally, the functional tests are easier to write but they are also much slower to run. Some tests are also impossible to get code coverage measurements from. As of the 0.4.0 release, functional tests covers roughly 66% of the code base but the overlap with the unit tests are quite high. Together unit tests and functional tests covers about 82%. That’s actually down a little bit compared to version 0.3.0 and that’s obviously an area to focus on going forward.

 

All test cases are still kept in a separate github repo just for testing. If you want to contribute to WP Bootstrap, this is where I recommend you start looking. Any contributions to WP Bootstrap are more than welcome, you can just send a pull request or better, shoot me an email first at: erik@wpessentials.io