Monday, May 25, 2015

Building a bank with EPiServer?

Can it be done?

Yes. And this blog post is about how it can be done. I want to share my thoughts and experiences about writing EPiServer sites, connected to third party services and/or external APIs, with code examples and design suggestions.

 

Should it be done?

Yeah, why not? Long answer: if you already have a nice and smooth communication between product owners and developers - a daily constant flow of feature and content production releases - you probably wouldn't need a Content Management System (CMS) at all. But if you release code a couple of times a month, maybe even longer in between the releases (like most companies out there), a CMS is great to have in place. EPiServer is a good choice for that. Let's build a bank with it!

Actually, I have built one already. Well, no. Not really. But I wrote an example project with some of the building blocks I think an EPiServer site connected to external back end systems should have. 


Here's the code (at Github)
 



I know, I know ... it's a very simplistic example. I wanted to get rid of all the noise, and focus on the "core" stuff that I think is important. I think most of the features in the example code are ready for you to use today, a few things are for demo purposes only (like the implementation of the logger interface). 
 

NoScript First

The example code is an EPiServer MVC site: one page instance with a form that is posted to a controller on the server. The server code is sending the data to an external web service and the service returns user data to be displayed in the user interface. 

Let's zoom in to the form and the posting. All user input should be sanitized and validated. The data sent should be restricted to http POST, along with an anti forgery token. Use the built in model binding and data annotations for the validation of data.





I would recommend you to start developing with JavaScript disabled in the browser. That is a development style I like to call NoScript First. I think it will help you to focus on the security and the basic flow. When you are done with the basics, enable JavaScript and write client side code for a better user experience. You can hijack the form submit action and post the data with ajax, instead of a full page reload.

Here's some more info (with code examples) about NoScript First:
You might not need JavaScript

 

The basics with Dependency Injection

Try keep the controllers as light weight as possible. Extract methods to specialized helper files and inject all dependencies by using a tool like StructureMap. For testability, use c# interfaces instead of concrete classes when injecting the dependencies.

There are trade offs: your source code may seem complex at first look, especially for developers not used to these kind of patterns and abstractions. By hiding the implementations behind APIs (interfaces), you can switch between different implementations, even in runtime. But why would anyone want to do that? I'll will answer that shortly.

 

Isn't unit testing dead?

Dependency injection will simplify testing. A unit test can focus on a specific part of the source code, by providing it with fake implementations of the dependencies and control the data that is passed between them. But why unit test stuff at all? For me, test driven development is a style. A tool, helping me to write code that is specialized, minimalistic and (hopefully) readable. For me, the actual testing is secondary. That's why I think some parts of the source code can be just fine without unit tests. It is alright! However, be strict with unit testing your validation features, like the custom data annotations in the example code. Write unit tests until you are sure that your validation methods does the right thing. Try different scenarios, not only the happy path. Be evil. If you wake up in the middle of the night, because you had dreamed about ways to bypass the validation, write a unit test that prove it. Solve the issue and run the tests again.

To get the dependency injection stuff in place in your controllers, start with a simple unit test "newing up" a controller, develop and refactor the code from there. I think unit tests eventually will help you find the flow, especially when it's done test driven style.

If your controllers handles EPiServer content, such as traversing an EPiServer page tree to create menus or lists, I recommend using FakeMaker - a tool that simplifies unit testing for scenarios like that.

 

Something between the web and the services: Providers

A third party web service or a back end API is probably developed for general purpose, to be used by many different channels. A web site is specialized and customized. The data passed from a service will most likely not fit perfectly with the view of a web user interface. To create a nice user experience, the data probably has to be rearranged in some way (formatted, combined, simplified, renamed). Do that in a separate class library.

Map the data objects from the service to local domain objects that are customized for your user interface. Map the service class properties you need to a local domain object. Let AutoMapper handle the mapping, it's a great tool. Also, make sure you unit test the mappings! Included in AutoMapper, there is a unit testing feature called "AssertConfigurationValid". It has saved my life many times.

Let the library take care of the connection to the service, and keep the user interface unaware of the service API. The library should have only the features needed by the web user interface, no more than that.


I would call a library like that a Provider. Consume the providers by injecting them into the web project code (as described earlier with Dependency Injection). The web communicates with the API (the interface) of a Provider, that means that controllers also are unaware of the actual provider implementation (the concrete class). In the example code, the mappings between interfaces and concrete classes is handled by the StructureMap configuration.

With providers, you can switch service implementations without the need to alter the code in the web project. The same goes for the providers themselves. One provider implementation can be switched to an other one. But why would anyone want to do that? Okay, maybe it's time to give some answers.

 

Fake it!

During development, the back end services may also be developed in parallel and could go offline from time to time. Being dependent on an unstable external service is risky. To be able to write code, browse and test the features of a site, using fake implementations of providers returning fake data is a way out of the problem. Faking it will make it possible for the team to be "offline" and still be productive, i.e. no direct dependencies to a web service or third party system.

There are other practical uses of fake Provider implementations. The site pages that are heavily based on presenting data from back end systems (like an account transaction list) will not look any good at all when logged in as an EPiServer editor (that most likely isn't identified as an existing customer in the back end system). To create a good user experience for editors (and avoiding embarrassing page exceptions in edit mode) fakes can be very useful. Instead of cluttering the controllers with if-else statements all over the place, determining if the current user is an editor or not, you could use your already existing fake providers! That means fake providers actually will be used in production.

To be able to switch between fake and live providers, the injected dependencies need some modification. That is because the StructureMap configuration will run on application start, and checking the logged in user role there won't work. It has to be done per request, triggered from the controllers.

 

Be water, my friend (inject the Factories)

You probably already have noticed in the example code that some sort of factory is injected into the controller, and not the actual provider. The provider is retrieved later in the constructor, by calling a factory method. This occurs on every request. The factory method is where the if-else checking takes place. Is the current user an editor or not? The StructureMap configuration also has two implementations added - one fake, one live - for a provider interface. This makes it possible for the factory to pull the desired implementation from the dependency resolver.

Note: Today I met Jeremy D. Miller (the creator of StructureMap) at the DevSum conference here in Stockholm, and he showed me some examples on how to configure StructureMap without the need of factories. I like it a lot I will try this out (and update the GitHub code repository).


(Okay, maybe this video hasn't that much to do with injecting Factories, but I like Bruce Lee and think this video is cool)

 

What's Pippi Longstocking got to do with it?
Finally, let's talk about the fake data itself. Using this setup, the development team have the opportunity to stress test the UI every day, by providing data that goes beyond the perfect and well balanced placeholder text areas in the design templates delivered by the UX team. 


One obvious thing to test is the name of the logged in user. Here's an idea: add a fake data user with the name Pippilotta Viktualia Rullgardina Krusmynta Efraimsdotter Långstrump (that's the swedish full name of Pippi Longstocking)! How will the user info section of the site behave with a name like that? Well, maybe "Pippilotta Viktualia Långstrump" would be enough, let's not exaggerate. But be aware, in the real world, there are people out there with some really messed up names ... being prepared for it might be a good idea.

What do you think about all of this? Please share your thoughts and ideas about building a bank with EPiServer.

Here's the code (at Github)

Tuesday, May 12, 2015

EPiServer and programmer friendly analytics with _tics.js

Writing web analytics client side code should be really simple, and programmer friendly. If simple and programmer friendly, teams will have control over the production code they are maintaining, knowing what it actually does. To support that, I wrote a little JavaScript helper library called _tics.js a while ago.

The main features of _tics.js are (besides basic page tracking) advanced event tracking of form fields, buttons and links, including grabbing field values, value changes and the position of clicked links in a banner list or a menu.

What is _tics.js and why should I use it? Read about the features here.

I recently tried out some of the features of EPiServer 8 and came across the new Google Universal Analytics support. My first thought was: Can I use it with the features of _tics.js?

Yes, and here's how.

EPiServer Google Universal Analytics and _tics.js

All you have to do is provide _tics.js with a Tracking Id and the Tracking domain. With the new Google Universal support of EPiServer 8 (installed via the EPiServer NuGet feed), the values are added by an editor in the EPiServer CMS admin view. I have experimented and found a way to grab those values, and it can be done by using the Accessors class in the GoogleAnalytics.Services namespace.

var settings = EPiServer.GoogleAnalytics.Services.Accessors.GetTrackerSettings();

You can now provide the data to the client. 


Here's an example. I have used the Alloy MVC template (and perhaps written the C# model code a bit sloppy, but I leave the clean code implementation to you).


Grabbing the analytics values and storing them in the View Model.
Storing the analytics values in html hidden fields. Initializing _tics.js with data.

With the _tics.events() function, changes in individual form fields will be tracked and will make it possible to analyze user behavior.

In this example, the standard _tics.page() function is not used (i.e. basic page tracking), because it is already being done by the generated analytics code from the EPiServer Google Analytics Nuget package.

Note: Client side code from EPiServer add-ons is rendered by using the Html helper method RequiredClientResources, already used in the Alloy template:
@Html.RequiredClientResources("Header"); 


More features?

What about advanced tracking of form fields, like grabbing the actual values and/or the changes in individual fields? The _tics.js library expect form fields to have data attributes (read more about it here). But when using EPiServer XForms, all an editor can add is custom CSS and none of those fancy data attributes. Oh no!

Relax. I have written a little JavaScript "add-on", called _tics.cms.js, that solves this for you.

You will find it in the _tics.js GitHub repository (look in the folder called "add-ons"). Include it in your code and run the function _tics.cms.prepareForm().


Add the script and run _tics.cms.prepareForm() before initializing the library.

It checks for CSS class names and adds the corresponding data attributes to the element.


An example: this is what the editor writes in the CSS field if wanting to grab the value of an individual field (using the "getValue" built in function in the library). Please note that it is case sensitive: analyze-custom-getValue



And that's it.


Simple? Programmer friendly? What do you think about it? Please share your feedback!

Saturday, May 2, 2015

Updates to FakeMaker - helping you with test driven EPiServer development

I have updated the FakeMaker Nuget package with some new features that hopefully will make your days as a test driven EPiServer developer a little bit smoother.

Never heard of FakeMaker? Here's some info.

The updated Nuget package contains new convenience methods when creating fake pages in your unit tests (added the methods WithChildren, WithLanguageBranch, WithProperty and WithContentTypeId). This was developed by Kristian Gimring and I merged it to the source code at GitHub quite a while ago. However, I haven't updated in the Nuget package until now. The current version is 1.0.4.

Recently, I also recieved feedback and suggestions from rbaarda and have added the possibility to set a fake page as the actual StartPage, by using the new method AsStartPage (that will set the EPiServer built in property ContentReference.StartPage).

The dependencies to EPiServer was also outdated, and the latest version of the Nuget package have those and also the Moq library updated. If your current project is not using the (as for now) latest version of EPiServer, I would suggest you to grab the source code instead (two files only: FakeMaker and FakePage), add it to your test project and compile, instead of using the Nuget package version.

I want to thank Kristian Gimring and rbaarda for the contributions. I really appreciate it and am happy to see that the tool is used! 


What features are missing? Let me know! Please contact me by writing a comment in this post, at twitter, as a GitHub pull request or just add an issue to the GitHub project.