So when a user randomly types a URL on a route that exists, they get an error message:
Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException
The GET method is not supported for this route. Supported methods: POST.
After doing some searching, all the posts I can find suggest to change the render function inside of App\Exceptions\Handler and change it to this:
public function render($request, Exception $exception)
{
if($exception instanceof \Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException){
return abort('404');
}
return parent::render($request, $exception);
}
However, with the newer version of Laravel this no longer exists. One post mentioned to add this in routes\web.php:
Route::fallback( function () {
abort( 404 );
} );
This works fine but I'm not sure if this is the best approach/right place to have it? Is there are any other alternative way?
I have also attempted to change the register function inside of App\Exceptions\Handler to this per the Laravel Doc (https://laravel.com/docs/9.x/errors#rendering-exceptions):
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
public function register()
{
$this->renderable(function (NotFoundHttpException $e, $request) {
if ($request->is('api/*')) {
return response()->json([
'message' => 'Record not found.'
], 404);
}
});
}
but it does not work
In a newer version on Laravel, you can add
$this->renderable(function (Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException $e) {
// do something
});
this line inside a register method on a class \App\Exceptions\Handler
If you want to handle NotFoundException you should use
$this->renderable(function (Symfony\Component\HttpKernel\Exception\NotFoundHttpException $e) {
// do something
});
You can find more detailed answer on Laravel documentation here:
https://laravel.com/docs/9.x/errors#rendering-exceptions
Related
I want to direct random link to only one view except that I've define
e.g : localhost:8000/abxcdss
It will go to a view or home page.
Solution #1 - Via Exception Handler (404)
app/Exceptions/Handler.php
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
//
public function render($request, Exception $exception)
{
if ($exception instanceof NotFoundHttpException) {
return redirect('/');
}
return parent::render($request, $exception);
}
Solution #2 - Via Route
routes/web.php
// Last line!
Route::any('{any}', function () {
return redirect('/');
});
Info: All my routes look like this /locale/something for example /en/home
works fine.
In my controller I'm using the firstOrFail() function.
When the fail part is triggered the function tries to send me to /home.
Which doesn't work because it needs to be /en/home.
So how can I adjust the firstOrFail() function to send me to /locale/home ?
What needs to changed ?
You can treat it in several ways.
Specific approach
You could surround your query with a try-catch wherever you want to redirect to a specific view every time a record isn't found:
class MyCoolController extends Controller {
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Support\Facades\Redirect;
//
function myCoolFunction() {
try
{
$object = MyModel::where('column', 'value')->firstOrFail();
}
catch (ModelNotFoundException $e)
{
return Redirect::to('my_view');
// you could also:
// return redirect()->route('home');
}
// the rest of your code..
}
}
The only downside of this is that you need to handle this everywhere you want to use the firstOrFail() method.
The global way
As in the comments suggested, you could define it in the Global Exception Handler:
app/Exceptions/Handler.php
# app/Exceptions/Handler.php
use Illuminate\Database\Eloquent\ModelNotFoundException;
use Illuminate\Support\Facades\Redirect;
// some code..
public function render($request, Exception $exception)
{
if ($exception instanceof ModelNotFoundException && ! $request->expectsJson())
{
return Redirect::to('my_view');
}
return parent::render($request, $exception);
}
I am trying to develop a RESTful API with Laravel 5.2. I am stumbled on how to return failed authorization in JSON format. Currently, it is throwing the 403 page error instead of JSON.
Controller: TenantController.php
class TenantController extends Controller
{
public function show($id)
{
$tenant = Tenant::find($id);
if($tenant == null) return response()->json(['error' => "Invalid tenant ID."],400);
$this->authorize('show',$tenant);
return $tenant;
}
}
Policy: TenantPolicy.php
class TenantPolicy
{
use HandlesAuthorization;
public function show(User $user, Tenant $tenant)
{
$users = $tenant->users();
return $tenant->users->contains($user->id);
}
}
The authorization is currently working fine but it is showing up a 403 forbidden page instead of returning json error. Is it possible to return it as JSON for the 403? And, is it possible to make it global for all failed authorizations (not just in this controller)?
We managed to resolve this by modifying the exceptions handler found in App\Exceptions\Handler.php adding it in the render function.
public function render($request, Exception $e)
{
if ($e instanceof AuthorizationException)
{
return response()->json(['error' => 'Not authorized.'],403);
}
return parent::render($request, $e);
}
Yes, make a simple before method in your policy which will be executed prior to all other authorization checks,
public function before($user, $ability,Request $request)
{
if (!yourconditiontrue) {
if ($request->ajax()) {
return response('Unauthorized.', 401);
} else {
return abort('403');
}
}
}
You can intercept the exception
try {
$this->authorize('update', $data);
} catch (\Exception $e)
{
return response()->json(null, 403);
}
As for the latest version of Laravel, as of now version >=7.x,
Generally setting request headers 'Accept' => 'application/json' will tell Laravel that you expect a json response back.
For errors you need to also turn off debugging by setting the APP_DEBUG=false on your .env file, which will make sure the response is json and no stacktrace is provided.
The accepted answer works, but if you don't want to return json for every route you can handle this with middleware.
A brief outline of how to do this:
Create an ApiAuthorization class and extend your main auth class.
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Auth\Middleware\Authorize;
use Illuminate\Auth\Access\AuthorizationException;
class ApiAuthorization extends Authorize
{
public function handle($request, Closure $next, $ability, ...$models)
{
try {
$this->auth->authenticate();
$this->gate->authorize($ability, $this->getGateArguments($request, $models));
} catch (AuthorizationException $e) {
return response()->json(['error' => 'Not authorized.'],403);
}
return $next($request);
}
}
Add the middleware to $routeMiddleware in App\Http\Kernel.php
'api.can' => \App\Http\Middleware\ApiAuthorization::class,
Update your route. You can now use your new api auth middleware by calling api.can similar to the example in the docs
Route::get('tenant', [
'as' => 'api.tenant',
'uses' => 'TenantController#show'
])->middleware('api.can:show,tenant');
This method allows you to return json for specific routes without modifying the global exception handler.
I have also face the same issue in Laravel version 7.3 where the AuthorizationException is not caught. What I come to know that we have to include AuthorizationException in the Handler.php like
<?php
namespace App\Exceptions;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Auth\Access\AuthorizationException;
use Throwable;
use Exception;
use Request;
use Response;
class Handler extends ExceptionHandler
{
// ...
/**
* Render an exception into an HTTP response.
*
* #param \Illuminate\Http\Request $request
* #param \Throwable $exception
* #return \Symfony\Component\HttpFoundation\Response
*
* #throws \Throwable
*/
public function render($request, Throwable $exception)
{
if ($exception instanceof AuthorizationException)
{
return response()->json(['message' => 'Forbidden'], 403);
}
if ($exception instanceof ModelNotFoundException && $request->wantsJson()) {
return response()->json(['message' => 'resource not found')], 404);
}
return parent::render($request, $exception);
}
// ...
}
FYI if you just add the AuthorizationException by using the following statement
use AuthorizationException;
It still not working. So we have to specify the fully qualified namespace path.
Here's the documentation: https://laravel.com/docs/5.2/routing#route-model-binding
The routes:
Route::group(['prefix' => 'u'], function () {
Route::post('create', ['as' => 'createUser', 'uses' => 'UserController#create']);
Route::get('{uuid}', ['as' => 'userDashboard', 'uses' => 'UserController#dashboard']);
});
The UserController.php:
public function dashboard(User $uuid)
{
return View::make('user.dashboard');
}
Whenever the User isn't found in the database it throws these two exceptions:
2/2
NotFoundHttpException in Handler.php line 103:
No query results for model [App\User].
1/2
ModelNotFoundException in Builder.php line 303:
No query results for model [App\User].
How do I customize the error? I want to redirect to the createUser route. The documentation instructs to pass a Closure as a third argument but I don't know how to do that with my current code.
EDIT 1
This is what I've tried so far without success:
Route::model('{uuid}', ['as' => 'userDashboard', 'uses' => 'UserController#dashboard'], function () {
App::abort(403, 'Test.');
});
Route::get('{uuid}', ['as' => 'userDashboard', 'uses' => 'UserController#dashboard'], function () {
App::abort(403, 'Test.');
});
This is actually very simple. As none of the answers really give a definite answer I am answering it myself.
In the file RouteServiceController.php's boot function add the following:
$router->model('advertiser', 'App\Advertiser', function () {
throw new AdvertiserNotFoundException;
});
Then create a new empty class in App\Exceptions called (in this case) AdvertiserNotFoundException.php:
<?php
namespace App\Exceptions;
use Exception;
class AdvertiserNotFoundException extends Exception
{
}
The last thing to do is to catch the exception in the Handler.php's render function (App\Exception) like so:
public function render($request, Exception $e)
{
switch ($e)
{
case ($e instanceof AdvertiserNotFoundException):
//Implement your behavior here (redirect, etc...)
}
return parent::render($request, $e);
}
That's it! :)
for a similar case i did,
I took the parent Illuminate\Foundation\Exceptions\Handler isHttpException function and copied it to app/Exceptions/Handler.php and changed it's name to my isUserNotFoundException.
protected function isUserNotFoundException(Exception $e)
{
return $e instanceof UserNotFoundException;
}
and than in the render function add
if ($this->isUserNotFoundException($e))
return redirect('path')->with('error',"Your error message goes here");
Following code must be placed in your RouteServiceProvider::boot method
$router->model('uuid', 'App\User', function () {
throw new UserNotFoundException;
});
and make sure to include this in your view file
and this forum post might help you
https://scotch.io/tutorials/creating-a-laravel-404-page-using-custom-exception-handlers
To do so you need to check if the id exist in the model like so:
public function dashboard(User $uuid)
{
if(User::find($uuid))
{
return View::make('user.dashboard');
} else {
redirect('xyz');
}
}
I think this tutorial will be helpful for you Laravel Model Binding
You could add the exception and treat in in app/Exceptions/Handler.php
/**
* Render an exception into an HTTP response.
*
* #param \Illuminate\Http\Request $request
* #param \Exception $e
* #return \Illuminate\Http\Response
*/
public function render($request, Exception $e)
{
if (!env('APP_DEBUG')) {
if ($e instanceof \Illuminate\Database\Eloquent\ModelNotFoundException) {
//treat error
return response()->view('errors.404');
}
return parent::render($request, $e);
}
Edit 1:
This piece of code is from a working project so if this doesn't work it must have an error somewhere else:
if ($e instanceof \Illuminate\Database\Eloquent\ModelNotFoundException) {
$data= \App\Data::orderBy('order', 'asc')->get();
return response()->view('errors.404', [
'data' => $data
], 404);
}
Edit 2:
You can use the above code and this tutorial in order to create a new Exception type in order to get your desired behavior. To my understanding at least. :)
i have this blogsController, the create function is as follows.
public function create() {
if($this->reqLogin()) return $this->reqLogin();
return View::make('blogs.create');
}
In BaseController, i have this function which checks if user is logged in.
public function reqLogin(){
if(!Auth::check()){
Session::flash('message', 'You need to login');
return Redirect::to("login");
}
}
This code is working fine , but it is not what is need i want my create function as follows.
public function create() {
$this->reqLogin();
return View::make('blogs.create');
}
Can i do so?
Apart from that, can i set authantication rules , like we do in Yii framework, at the top of controller.
Beside organizing your code to fit better Laravel's architecture, there's a little trick you can use when returning a response is not possible and a redirect is absolutely needed.
The trick is to call \App::abort() and pass the approriate code and headers. This will work in most of the circumstances (excluding, notably, blade views and __toString() methods.
Here's a simple function that will work everywhere, no matter what, while still keeping your shutdown logic intact.
/**
* Redirect the user no matter what. No need to use a return
* statement. Also avoids the trap put in place by the Blade Compiler.
*
* #param string $url
* #param int $code http code for the redirect (should be 302 or 301)
*/
function redirect_now($url, $code = 302)
{
try {
\App::abort($code, '', ['Location' => $url]);
} catch (\Exception $exception) {
// the blade compiler catches exceptions and rethrows them
// as ErrorExceptions :(
//
// also the __toString() magic method cannot throw exceptions
// in that case also we need to manually call the exception
// handler
$previousErrorHandler = set_exception_handler(function () {
});
restore_error_handler();
call_user_func($previousErrorHandler, $exception);
die;
}
}
Usage in PHP:
redirect_now('/');
Usage in Blade:
{{ redirect_now('/') }}
You should put the check into a filter, then only let the user get to the controller if they are logged in in the first place.
Filter
Route::filter('auth', function($route, $request, $response)
{
if(!Auth::check()) {
Session::flash('message', 'You need to login');
return Redirect::to("login");
}
});
Route
Route::get('blogs/create', array('before' => 'auth', 'uses' => 'BlogsController#create'));
Controller
public function create() {
return View::make('blogs.create');
}
We can do like this,
throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect('/to/another/route/')->with('status', 'An error occurred.'));
It's not a best practice to use this method, but to solve your question, you can use this gist.
Create a helper function like:
if(!function_exists('abortTo')) {
function abortTo($to = '/') {
throw new \Illuminate\Http\Exceptions\HttpResponseException(redirect($to));
}
}
then use it in your code:
public function reqLogin(){
if(!Auth::check()){
abortTo(route('login'));
}
}
public function create() {
$this->reqLogin();
return View::make('blogs.create');
}