This question already has answers here:
Laravel catch TokenMismatchException
(6 answers)
Closed 7 years ago.
I am getting issues with CSRF exceptions being thrown to the user. They happen for perfectly innocent reasons like if someone takes too long to fill out a form when they finally submit it the session has expired and the tokens don't match. Now obviously this is an error but it doesn't need to kill everything and throw an exception.
Is there a way to just get it to set a flash message instead and redirect back to the original page. I don't want to disable CSRF protection I just want the errors to be handled a bit more gracefully.
This is a bit of a pain, I usually add a method to the VerifyCsrfToken class to catch the TokenMismatchException (in the Middleware folder):
public function handle($request, Closure $next)
{
try
{
return parent::handle($request, $next);
}
catch(TokenMismatchException $e)
{
return redirect()->back()->withInput()->withErrors(['tokenMismatch' => 'Have you been away? Please try submitting the form again!']);
}
}
Although, you might want to tweak that depending on how you are handling errors in your app.
This can be handled in app/Handler.php
Change the render function from
public function render($request, Exception $e)
{
return parent::render($request, $e);
}
To this:
public function render($request, Exception $e)
{
if ($e instanceof \Illuminate\Session\TokenMismatchException){
return redirect($request->fullUrl())->with('error',"Sorry your session has expired please resubmit your request.");
}
return parent::render($request, $e);
}
Related
I know why this exception is thrown, this is not the problem, but I am not capable to catch this exception.
This exception is thrown in CORE/src/Http/Middleware/CsrfProtectionMiddleware.php line #286:
if (!$cookie || !is_string($cookie)) {
throw new InvalidCsrfTokenException(__d('cake', 'Missing or incorrect CSRF cookie type.'));
}
When I check the long list of the stack in the CakePHP error window it's clear to me I cannot start to modify the CORE files as with the next CakePHP update/upgrade my modifications are lost.
The only script I can modify and should be easily handled is webroot/index.php. It's also mentioned in the call stack in the first position:
Cake\Http\Server->run ROOT/webroot/index.php:50
And here I am stuck. What ever I tried:
try/catch ( \Exception )
try/catch ( \Cake\Http\Exception\InvalidCsrfTokenException )
Using set_exception_handler()
nothing helps, this means, I always get the below error window. In this window you can see on the left the long call stack of scripts which are called until the exception is thrown. And this are even not all scripts. So it's really nested.
My question:
How can I catch this exception in the most top PHP script webroot/index.php - below this script are another 16 scripts called until the exception is thrown. I don't want to modify the CakePHP core files.
I am running CakePHP 4.1.4
You cannot catch that exception in index.php, as it is already being catched by the error handler middleware, which presents you that nice error screen, which however you'd only see in debug mode, in case that is your concern.
Your first chance to catch that exception would be a custom middleware, which you'd have to place between the error handler middleware and the CSRF protection middleware, something along the lines of this:
// in src/Application.php
public function middleware(MiddlewareQueue $middlewareQueue): MiddlewareQueue
{
$middlewareQueue
->add(new ErrorHandlerMiddleware(Configure::read('Error')))
// ...
->add(function (
\Psr\Http\Message\ServerRequestInterface $request,
\Psr\Http\Server\RequestHandlerInterface $handler
) {
try {
// continue with the next middleware
return $handler->handle($request);
} catch (\Cake\Http\Exception\InvalidCsrfTokenException $exception) {
// handle the catched exception
$response = new \Cake\Http\Response();
return $response->withStringBody('Oh noes, CSRF error!');
}
})
// ...
->add(new CsrfProtectionMiddleware([
'httponly' => true,
]));
return $middlewareQueue;
}
In my project i need to do a bulk import and data insertion in the database.
So, I needed to know that when a API request is failed. Here, the problem is that PHP unable to catch that exception because Laravel 5.6 would stop the execution while there is any kind of error.
I needed to stop laravel from automatically stop the execution and let php decide that if an API request failed then lets wait 5 second and try again.
To achieve this i have made a function inside a laravel controller.
private function fetchAPI($id) {
try {
$rawResult = file_get_contents('http://example.com/'.$id.'?key=5453');
} catch (Exception $e) {
sleep(5);
$this->fetchAPI($id);
}
return json_decode($rawResult, true);
}
The above method will utilize the try...catch block. But i have also implemented with a boolean check with no luck:
private function fetchAPI($id) {
$rawResult = file_get_contents('http://example.com/'.$id.'?key=5453');
if($rawResult === FALSE) {
sleep(5);
$this->fetchAPI($id);
} else {
return json_decode($rawResult, true);
}
}
In this scenario how i can re-try if API request failed from a Laravel controller method?
Use \Exception dans not Exception, because Exception is thought as YourCurrentFileNamespace\Exception.
I am trying to implement exception handling in my application. For this Laravel framework has its own mechanism to handle the exception using report and render method. But to implement exception I need to track the source from where the exception has been raised e.g. specific page, route etc. For this I need to pass the url to report and render method but unable to do so. What needs to be done in order to implement this in below report and render function.
public function report(Exception $e)
{
parent::report($e);
}
public function render($request, Exception $e)
{
/* Token mismatch Exception handler start */
if ($e instanceof \Illuminate\Session\TokenMismatchException) {
return response()->view('errors.sessionExpire', [], 500);
}
/* Token mismatch Exception handler start */
return parent::render($request, $e);
}
As you can see from your own example, you have an instance of Request in the argument list. And Request has all request-specific details like current route, URL and so on.
$request->url(); // Current request URL
$request->fullUrl(); // With query parameters
$request->route(); // Get the route closure for this request path
You can also create your own exception classes that accept as many parameters as you wish!
And the less comfortable way already mentioned – you could go through the exception trace.
You need to use Exception::getTrace
var_dump($e->getTrace());
above line will give you all details regarding exception.
public function report(Exception $e){
echo '<pre>'; // add this line
print_r($e->getTrace()); // add this line
parent::report($e);
}
I'm looking to handle a MethodNotAllowedException. I've viewed other answers available on here that to create what i think should handle this in the exceptions/handler.php class. This is what i came up with.
public function render($request, Exception $e)
{
if ($e instanceof MethodNotAllowedHttpException) {
\Auth::logout();
\Session::flush();
return redirect()->('/')->withErrors(['error' => 'Something went wrong']);
}
return parent::render($request, $e);
}
However where i used to get an error before, all i recieve now is a blank page on the page where i usually recieve an error and a user is not logged out nor are they redirected. Am i placing this handler in the right place and if so, is the function shown below correct?
Thanks
I have a repository that throws an exception if it can't find a record in the database. Rather than redirect to another page I just want to display a warning alert as the record is not critical to the page but is an "exceptional event".
It's probably best to demonstrate with code:
// FxRateRepositoy
public function getRate(/** args **/)
{
$rate = FxRate::where(.... //query to get the rate
if (!rate)
throw new NonExistentCurrencyException(//message);
return $rate;
}
In my start/global.php I have a handler:
App::error(function(NonExistentCurrencyException $e)
{
Session::flash('alert', $e->getMessage());
return \\ ??
});
What to return? I must return a response or the exception continue uncaught. I want to continue to the intended page but with the alert flashed in the session. Is this possible without having to use try catch blocks in every place this method is called?
Ass an additional question, assuming this exception may be thrown multiple times in one request, what's the best way to accumulate alert messages and display them? I'm thinking something akin to the validation messageBag. Can I just use the global $errors variable or should I create a new, specific messagebag for this purpose?
The problem is that if you return nothing from App::error Laravel will display it's default error page. On the other side you can't return a response because you don't know what response it should be in the error handler.
I suggest you handle it in the controller itself.
You can catch the exception there and flash the message or don't throw an exception at all:
$rate = FxRate::where(.... //query to get the rate
if (!rate){
Session::flash('alert', 'Whoops');
}
Also the findOrFail() and firstOrFail methods might be of use. They throw an ModelNotFoundException if the query yields no results:
try {
$rate = FxRate::where(....)->firstOrFail()
// and so on
} catch (Illuminate\Database\Eloquent\ModelNotFoundException $e){
Session::flash('alert', 'Whoops');
}
As for a messages system, take a look at the laracasts/flash package