SymfonyWorld Online 2021 Winter Edition
December 9 – 10, 2021
Watch the talks in video
Vulnerabilities and Security Round Trip
The Symfony Core Team put a lot of effort into making the Framework and the Components safe and trustable.
But not everything is under the maintainer's control; when building an application, we have to take care of using the libraries correctly, upgrading the dependencies, and, of course, not introducing security issues by ourselves.
In this talk, we will see several cases of security issues, what are their
impacts and especially how to fix them.
We also take time to define an "upgrade" policy to ensure that your application is not running a disclosed vulnerability.
Decoupling your application using Symfony Messenger and events
Web applications get more complex over time.
We start with a simple application, create a business on top of it. Start hiring people, and all of a sudden the code does not talk in the same business language. It becomes harder to change.
There are strategies like Domain Driven Design that shows how to put business rules into your code and publish domain events that can be consumed asynchronously by another service.
For example, when a booking is made, we want to send an invoice, reacting to a Booking was confirmed domain event.
By decoupling the code with domain events we have the help of Symfony Messenger.
Symfony messenger allow us to simplify our business allowing to publish and react to those domain events, no matter where we publish them. We can even create specific alarms on some specific events that are important to our business and specific retry strategies.
Data Validation models
On daily basics we need to validate data incoming to our application. Let's see how different we can work with different validation libraries like Symfony Validation or Webmozart Assert.
- What is the difference between syntax and semantic validation?
- When we can use deferred validation instead of keeping our object always valid?
- What libraries can help us to perform validations in our application?
How to handle dynamic data structure ?
Storing data in your applications is a recurring task. But what happens when the structure of the data needs to change without redeploying? For example:
- E-commerce products with different attribute combinations
- Dynamic form values configured by users
- Different sets of metrics on monitored services
To solve this problem, we can use the (unloved) Entity-Attribute-Value data model. But why is it considered an anti-pattern by some developers? Let’s see together how this problem has been solved by different PHP projects like Sylius or Drupal and how Symfony can solve (of course it does) related major problems.
Dealing with dependency troubles in your Symfony project
When your Symfony application grows or when you maintain multiple applications that reuse code, you probably maintain some shared library and/or bundle. Even if you don’t, you are likely using bundles and libraries from the Symfony- and PHP-ecosystem. Chances are that you run into issues with dependencies, especially now with PHP 8.1 and Symfony 6. How can you avoid dependencies blocking your upgrade and what can you do as a maintainer to make sure you don’t block others? That is not an easy question, but package design principles are a good way to start.
In this talk we will discuss package design principles and how Symfony and other popular PHP packages implement or deviate from them and how it affects users and maintainers. We will look at how PHP open source projects have dealt with dependencies blocking them and have a look at some of the famous problems from JS and NPM and what lessons we can learn from them. Hopefully, at the end you will be well prepared for upgrading your own libraries, bundles and applications and know how to confidently handle dependency issues in the future.
Symfony Notifier Demystified
The Notifier Component is marked stable since Symfony 5.3 and many bridges have been added to it recently.
Now is a good time to have a closer look at how the Symfony Notifier works and what you can do with it.
Symfony Components and Design Patterns
There are so many Symfony components already, and they have some pretty neat perks. But have you seen them in action?
Design patterns are not a silver bullet. They will never resolve your problem on their own. On the other hand, design patterns provide a common ground for developers without going into details and could be used as building bricks to solve some more advanced problems.
During my presentation, I will take a closer look and explain the appliance of selected design patterns. What is more, I will take advantage of the Symfony ecosystem to implement them with ease.
I will do the presentation on sample code that developers will understand at all levels of expertise.
Runtime component: The game changer
With Symfony 5.3 came a new Runtime component. It allows your application to run decoupled from the global state. That means your application will be portable to many different systems without making any changes.
This is a massive step forward not only for Symfony but for all PHP applications. It is especially beneficial for users that want to run ReactPHP, Bref, Swoole, etc.
Let's play a game with Blackfire Player
How to improve performance testing of your application? The best way is to include performance test into your CI pipeline! Based on the examples from GOG Store, let's check how to integrate Blackfire Player with Docker and Continuous Integration pipelines!
Symfony BC Promise demystified
Everyone using Symfony needs to customize a built-in feature at some point, either to fit some specific business requirements or just to perform some extra tasks. Sometimes, that requires to change the way some core services are wired, which often leads to friction at time to upgrade.
Should you just copy/paste the feature code and change it to your needs then?
Most Symfony features are designed in a way that makes it possible to extend them somehow, with little or no tight coupling.
In this talk, we will review the factors that should be taken into account in order to use and extend Symfony's code the right way, based on real-word examples and a deep dive into the backward-compatibility promise, plus some tips pulled out of my maintainer hat.
The New Testing Landscape: Panther, Foundry & More
Symfony comes with a number of tools for testing, like BrowserKit & DomCrawler as well as test classes for booting the kernel, accessing services, and using a bunch of built-in assertions.
In this talk, we'll explore a set of new tools & clear patterns (Arrange, Act, Assert) for test…
How Math, Science, and Star Trek Explain the Value of Team Diversity
The greatest asset of open source software is the ability to fork and improve. When it comes to tech culture, are we accepting all pull requests? Can we be better?
If so, how? To the science!
This session explores the mathematical algorithms and scientific studies describing the advantage of diverse teams. We’ll dive into existing research and real-world situations that solved complex problems. We’ll also explore a mathematician’s theory that “diversity trumps ability.”
We’ll also explore how Star Trek played a pivotal role in being the allegory for this concept.
Attendees will take away concrete ideas, examples, and processes to, hopefully, increase the output of their team in the long-term.
Everything about Symfony 6
Symfony 6 is the culmination of 2 years of hard work by the community. It embeds all the new features added during the development of Symfony 5, but also removes all the features deprecated during the same period. With PHP 8.0 as the minimum supported version, Symfony 6 is also an opportunity to embrace new language features.
Let's do a retrospective of what's we did together. Want to know about the major new features? How we modernized the codebase? If Symfony is here to stay? This is what this conference will tell you about.
Using the SecurityBundle in Symfony 6
Wouter de Jong
During the past two years, a lot of things have changed in Symfony Security. While the main concepts are the same, features have been changed, removed or introduced.
I'll be sharing my personal "best practices" using all the new security functionality in Symfony 6. And we might find some hidden new features that can help you customizing security to fit your needs. By the end of the talk, you'll be ready to maintain and set-up fully secured applications with Symfony 6!
Tools for upgrading Symfony Applications
Malte's web agency started building web applications 24 years ago, using Symfony for the last 10 years. Dozens of these applications are still in operation and are developed further each year. You can imagine there is a lot of legacy code, and it grows with every new Symfony version, with every new PHP version, with growing developer experience and new development practices.
If you are like Malte and neither want to let this legacy code go moldy nor want to update it manually, have a peek into his 2021 toolbox for upgrading Symfony applications: tools for code style, feature determination, dependency management, batch replacements, static analysis and even semi-automatic upgrades for minor and major Symfony versions.
Building a SaaS product with Symfony : tips and tricks
After several years of experience building Software As A Service products, I would like to share with you the crucial and less crucial tips on how to build a technically effective platform while focusing on your business. We will talk about how to build great subscription mechanisms, how to leverage EasyAdmin, why and how you should rely on other platforms (Stripe, Sentry, SymfonyCloud) and finally how you can plan your software architecture for growth.
Working with Twig in Symfony “Tips and tricks”
Twig is really linked with Symfony, but rarely gets love during online conferences.
⚡️ Yet, it's incredibly powerful and useful in many ways, to save source code writing, to achieve common algorithmic operations, etc.
This talk goes through a few interesting things regarding Twig:
🌾 the Twig / Symfony bridge
🌾 good practices with usage (SEO, performance, directory architecture, forms, etc.)
🌾 general information like coding standards, escaping, philosophy, etc.
🌾 how to extend Twig and why you would need to do such a thing
🌾 smart tricks you probably never thought about
🌾 usages and REX on advanced functionalities (caching, translations, etc.)
🌾 real life examples, through OROCommerce, Sylius, Drupal, Symfony UX, etc.
Let's show some love to our favorite templating engine! 💚
Symfony Forms: Advanced Use Cases
The Symfony Form component offers many features out of the box. It covers 80% of
use cases, but how do you deal with the 20% left? If you have read the
documentation, you probably know how to use it. But do you know how it works?
To implement your business on top of Symfony Form, you must know how it works
under the hood, and how you can extend it. I will illustrate those underlying
concepts through a series of standard use cases:
- Make a list of items sortable;
- Hide or disable fields based on user permissions;
- (more, to be discovered during the conference).
This presentation will give you insights into how things work inside the Form
component, and how you can hook in it.
My prod is down, let's escape from Service Oriented Architecture Hell
Once upon a time, a Service Oriented Architecture. One day, an issue appeared on the frontend, but no one knew which service was breaking the call sequence.
During this talk, an inside man with Blackfire as a main weapon, will demonstrate how he survived in a flood of requests and services. Thus to prevent his production from remaining down for too long
From big ball of mud to clean architecture with Symfony
Surely the story sounds familiar: You have an application that has been made with Symfony taking advantage of everything that allows you to develop fast: Twig, Doctrine, Form, Asserts, Annotations, Symfony Events, Firewall, Security, etc.
The application grew too fast and one day you find yourself with an application with duplicate entities, entities that do not contribute anything but confusion, too-powerful forms, magic that not even who created it understands ... no tests (the elephant in the room)...
What do we do then? "Let's start again, now we'll do it right"! The result? Multiple applications (as many as new attempts to get it right), all with replicated functionality... all "wrong".
You've heard "things" about TDD, DDD, CQRS, Hexagonal Architecture, Onion Architecture... Rich Domain Models and it's clear to you: that's your salvation. Shall we start again? In case you haven't learned the lesson yet... You can evolve your big ball of mud towards clean architectures without having to start from scratch.
In this talk we will address how we faced the problem keeping Symfony as a framework on which to develop the product:
- What previous decisions we made and why... both in terms of code and organization and work of the team.
- What components we rely on to start thinking about clean and abandon mud.
- How we face the transformation of anemic entities coupled to Symfony and Doctrine to rich domain models.
- How we approach testing.
- Trade-offs we assume as part of the process and why we don't care.
Symfony and Docker: a refreshing new experience
Recently, new configurators for Docker and Docker Compose have been added to Symfony Flex.
This means that Symfony can now transparently add the services and PHP extensions needed by your preferred packages!
You want to use Doctrine ORM? So you need a database and the related PDO extension! We’ve got you covered.
You use the mailer? So you want MailCatcher in your development environment? Let’s do this.
You want Panther? so you need Chrome and ChromeDriver! No problem!
But there is more: we now offer you Docker skeletons that take advantage of these new capabilities, and that you can use locally, but also in your CI system and in production!
The Benefits of TDD
This talk is focused on people starting with Test Driven Development - aka TDD. We'll begin with explaining what TDD really is and we'll follow by a demo of the "Bowling Game Kata". It's a very interesting kata where a game is developed step by step applying TDD techniques until all the requirements of the game are implemented. Then, we'll talk about the benefits of applying TDD when developing an application.
Static code analysis: how I learned to love the tool
Alexander M. Turek
A year ago, I took over a legacy codebase, with zero tests and a full bug tracker. My team and I had nothing to lose and as an experiment, we introduced a static code analysis tool. While this made our situation look even more dire than before, we never looked back.
Let's explore what a static code analyzer can do for you. What issues deserve to be fixed? How can I help the tool understand my code? And even more importantly: When can we ignore suggestions made by the tool?
Give your Traditional Site the "single-page-app" Feel with Turbo
One of the biggest draws to building a "single page app" (SPA) is that full page refreshes are gone, giving users a quick and responsive experience. And, until recently, it seemed like you needed to choose between a "responsive SPA" *or* a "traditional" app... which are often much simpler to build.
But... that's a lie! Thanks to Turbo, we can now build traditional applications that return HTML *and* have the "no-refresh" SPA experience.
We'll also get a primer on Turbo Frames and the *super* cool Turbo Streams, which allow you to (with Mercure) update any part of any user's page in real time!
So lets go build a traditional app *and* give our users the quick experience they deserve!
Did you miss SymfonyWorld Online 2021 Winter Edition?
Join us at an upcoming conference!