How to reset/change expired MySQL 5.6 password in Homestead

MySQL 5.6 introduced password expiration, so the password on your Homestead Virtual Machine may expire at some point.

SQLSTATE[HY000] [1862] Your password has expired. 
To log in you must change it using a client that supports 
expired passwords.

To change this you will need to log into MySQL running on Homestead in order to change your password to fix the expiry

vagrant ssh
mysql -u homestead -psecret

If you try and execute most commands you will be greeted with

ERROR 1820 (HY000): You must reset your password using 
ALTER USER statement before executing this statement.

Confusingly you can’t run the ALTER USER statement until you’ve changed your password… so you need to use SET PASSWORD

SET PASSWORD = PASSWORD('new_password');

Port forward http 80 and https 443 to 8080 or 8443 for Vagrant on Mac OS X

Assuming you have a Vagrantfile setup to forward port 8080 and/or 8443 to the default http and https ports on the web server running in the Vagrant Virtual Machine guest, you can forward these ports to the normally reserved ports on your Mac OS X host

Create a port forwarding rule for both http and https ports that forwards 80 to 8080 and 443 to 8443 on your Mac (thanks to Abe Tobing for his guide on using pf)

Add port forwarding configuration that references this rule

Once you have created both these files, to activate this rule run “sudo pfctl -ef /etc/pf-vagrant.conf”


MySQL Workbench client with Vagrant MySQL on Virtual Machine

If you prefer to use a client for MySQL such as Workbench, you can connect to the MySQL service in your Vagrant Virtual Machine by using SSH tunnelling. Run “vagrant ssh-config” to get the information you need to configure your client correctly.

vagrant ssh-config

Host default
 User vagrant
 Port 2222
 UserKnownHostsFile /dev/null
 StrictHostKeyChecking no
 PasswordAuthentication no
 IdentityFile /Users/akirkpatrick/Projects/api/puphpet/files/dot/ssh/id_rsa
 IdentityFile /Users/akirkpatrick/.vagrant.d/insecure_private_key
 IdentitiesOnly yes
 LogLevel FATAL

You should see 2 keys listed under IdentityFile, use the path of the first one (not the insecure one) as the location for your SSH Key File in a new Standard TCP/IP over SSH connection in Workbench or an equivalent client. The SSH connection will be over whichever port Vagrant is forwarding (usually 2222, see the Port from the ssh-config output) with the user “vagrant” and the MySQL connection details will be whatever credentials are allowed to connect from within the VM.

Vagrant SSH key for TCP/IP over SSH connection

Upload Behat screenshot to Imgur on scenario step failure

Being able to save a screenshot from Behat via one of it’s drivers is very useful to find out what went wrong, especially on headless browsers such as PhantomJS. Previously I’ve saved these to the filesystem as per a handy UCSF guide and updated myself for Behat 3.

However if you do not have easy access to the filesystem where Behat is being run, such as your Continuous Integration server (especially container-based solutions like Travis where it will get destroyed after each build) then it may be handy to upload it to somewhere and output the URL in your build logs. This is a quick solution for uploading to Imgur.

You will need to create an Imgur account and register your application to obtain a client ID.

Please note this is a quick and dirty example, as it should ideally use Guzzle to talk to the Imgur API and use external configuration, but since people may want to use different image hosting services or methods I left it fairly basic for now.

Save a screenshot in Behat 3 on a failed scenario step

If you are using Behat with Selenium server and running locally, if is firing up real browser instances via web driver then it is easy to see what may be going wrong. However if you are using a headless browser such as PhantomJS this makes it impossible, unless you take screenshots when an error has occured (a failed step in your scenario)

I used a handy UCSF guide for taking screenshots with Behat 2 and updated it for Behat 3

Fix SSL certificate problem using Behat, Guzzle and Goutte on localhost

If you have an application that you are trying to test locally (such as on a Vagrant VM) or on a development server that has a self-signed certificate, Behat will probably complain of an SSL certificate problem because of an invalid certificate chain (GuzzleHttp\Exception\RequestException)

This is because Guzzle (the http client used by Goutte, the default Mink driver) believes the connection to be insecure, which technically it is, but for testing purposes we can ignore this.

If your application (or stack) is configured for https only at all times this means you can’t switch to http to test, since that would be testing configuration that is not representative of your live environment. To circumvent this you can disable SSL verification for cURL in Guzzle.



Javascript redirects double-encoding GET query parameter such as arrays [] %255B %255D

If you are passing query parameters such as arrays, Apache may double-encode them so that %5B and %5D becomes %255B and %255D for URLs that are submitted such as:


If you are making Ajax or API calls from a Javascript library (such as via jQuery or Angular) then it will encode the URI initially, then the web server (such as Apache) will 301 or 302 redirect to the new URI and the Javascript library will encode them again, resulting in double-encoded characters.

If you have redirect rules such as http to https or trailing slash to non-trailing slash then you will need to update the URIs you are making requests to in the Javascript calls.

Haven’t confirmed if Nginx or other web servers are affected by this yet

Use Homebrew PHP with Mac OS X built-in Apache

To use the version of PHP you installed with Homebrew, you will need to change the PHP extension that Apache is loading. If you are using the built-in version of Apache this will use the built-in version of PHP even after you have installed PHP with brew.

brew install php56

You need to edit the Apache config file /etc/apache2/httpd.conf and search for

vim /etc/apache2/httpd.conf

Then change this to point to the new brew PHP extension

#LoadModule php5_module libexec/apache2/
LoadModule php5_module [new-extension]

The location of the new brew PHP extension will differ depending on your setup, but you will be able to find it using brew

brew info php56

Use CORS for REST API via XDomain proxy in IE8, IE9 for JavaScript/Angular

Because Internet Explorer 8 and 9 don’t support CORS properly (no custom headers such as an API key, only GET/POST, etc.) you may have problems using a modern REST API. However Jaime Pillora came up with a great solution called XDomain which acts as a pure JavaScript proxy for your API calls to get around CORS. This will only work if you have control over both the API you’re consuming and the JavaScript application.

Put this page in the web root of your API…

All you need to do to get this setup is to make sure you include it before any other JavaScript (such as Angular or jQuery) that will use IE’s XDomainRequest, as it will act as a drop-in replacement for it.

Your application would then look something like this…

Using BrowserStack or with the (limited) IE developer tools you will either see some debug messages from XDomain, or if you see “Access Denied” it will be because XDomain can’t connect to your proxy page (check the http/https protocols match and that the page is accessible on your API from where your JavaScript application is hosted)

Newer posts
Older posts