
MehulBawadia's avatar

Got TokenMismatchException in VerifyCsrfMiddleware.php line 16 Laravel 5

I am making an ecommerce web application using Laravel 5.

Now I am stuck at the payment integration. I am using CCAvenue as my payment integration, but there is no support provided by CCAvenue itself for the Laravel framework.

So, after a bit of research, I found this package called Indipay. This package works completely fine. However, I get a TokenMismatchException, though the transaction is successful and I do get the notification of the payment being received.

routes.php

Route::post('/store/proceed-to-checkout', 'CheckoutController@proceedToCheckout');
Route::get('/store/thank-you', 'PagesController@getThankYou');

CheckoutController.php

public function proceedToCheckout(Request $request)
{
    $orderCode = Order::latest()->limit(1)->first();
    $newOrderCode = ($orderCode) ? ++$orderCode->order_code : 'ORD-000000001';

    $parameters = [
        'merchant_id' => $request->get('merchant_id'),
        'currency' => $request->get('currency'),
        'redirect_url' => $request->get('redirect_url'),
        'cancel_url' => $request->get('cancel_url'),
        'language' => 'EN',
        'order_id' => $newOrderCode,
        'actionId' => $request->get('actionID'),
        'TxnType' => $request->get('TxnType'),
        'amount' => $request->get('amount'),
        'tid' => time().rand(111,999)
    ];

    return Indipay::purchase($parameters);
}

PagesController.php

public function getThankYou(Request $request)
{
    $ordCode = Session::get('ordCode');

    $response = Indipay::response($request);

    dd($response);

    //return view('version-seven.pages.thank_you', compact('ordCode'));
}

Kernel.php

<?php namespace App\Http;

use Illuminate\Foundation\Http\Kernel as HttpKernel;

class Kernel extends HttpKernel {

    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */
    protected $middleware = [
        'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
        'Illuminate\Cookie\Middleware\EncryptCookies',
        'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
        'Illuminate\Session\Middleware\StartSession',
        'Illuminate\View\Middleware\ShareErrorsFromSession',
        //'App\Http\Middleware\VerifyCsrfToken',
        'App\Http\Middleware\VerifyCsrfMiddleware',
    ];

    /**
     * The application's route middleware.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => 'App\Http\Middleware\Authenticate',
        'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
        'guest' => 'App\Http\Middleware\RedirectIfAuthenticated',
        'admin' => 'App\Http\Middleware\AdminAuthentication',
    ];

}
0 likes
12 replies
paradox's avatar

Do you have a hidden input field with the token value in your form?

<input type="hidden" name="_token" value="{{ csrf_token() }}">
MehulBawadia's avatar

@paradox The values are coming from the payment integrated website, i.e., from the CCAvenue website. So, how can I add the token to that?

paradox's avatar

@IamCrazyD I get it. Then add the route to the $except property of the middleware like this, in order to skip the CSRF middleware:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '/store/*',
    ];
}

source: http://laravel.com/docs/master/routing#csrf-excluding-uris

1 like
MehulBawadia's avatar

Well, @paradox, I am getting that exception on the thank-you page. So I guess the $except property should be:

    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '/store/thank-you', // retrieving the response from CCAvenue gateway
    ];

Right?

paradox's avatar

@IamCrazyD Well, I would say on the route your POST request is coming to. But if you have just those two routes to handle your payments, just put an asterisk after /store and it does the trick.

I don't know exactly how this payment provider works, but generally you receive some kind of POST (or GET) request to a URL from the payment provider, and after success/failure on their side the client is redirected to another URL - here the "thank you page". So your POST request is not processed because of failed CSRF validation. The redirection to the "thank you page" has no form, therefore it will not be exploited by cross-site request forgery, and in consequence the CSRF token has nothing to do with it.

But again - I don't know the exact implementation of CCAvenue payments, so go ahead and just put that asterisk ;-)

MehulBawadia's avatar
MehulBawadia
OP
Best Answer
Level 6

Yeah. It was the configuration of the package that I didn't care to configure correctly. In it, they had asked to change the value of remove_csrf_check, and I had kept it at the default. Changing that to store/thank-you did the job.

I appreciate your help. I did not know that we can also remove specific routes from hitting the middleware. Thank you for that.
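The difference in scope between the two exemption patterns discussed in this thread, `/store/*` and `store/thank-you`, shown as an added example that is not part of any post here and is not Laravel's or Indipay's own code. `pathMatches` is a simplified, hypothetical stand-in for the framework's wildcard path matching, and `store/cart/update` is a constructed route.

```php
<?php
// Added illustration: a simplified stand-in for wildcard path matching of the
// kind a CSRF exemption list relies on. Not Laravel's or Indipay's own code.

/** True when $path matches $pattern, where '*' matches any run of characters. */
function pathMatches(string $pattern, string $path): bool
{
    $pattern = trim($pattern, '/');
    $path    = trim($path, '/');
    // Quote regex metacharacters, then turn the quoted '*' back into a wildcard.
    $regex   = str_replace('\*', '.*', preg_quote($pattern, '#'));
    return preg_match('#^' . $regex . '\z#u', $path) === 1;
}

/** True when any exemption pattern matches, i.e. the CSRF check would be skipped. */
function csrfExempt(array $patterns, string $path): bool
{
    foreach ($patterns as $pattern) {
        if (pathMatches($pattern, $path)) {
            return true;
        }
    }
    return false;
}

// The two routes from the thread, plus one constructed route to show how far
// the wildcard reaches.
$routes = [
    'store/proceed-to-checkout' => "POST from the shop's own form",
    'store/thank-you'           => 'return from the CCAvenue gateway',
    'store/cart/update'         => 'constructed example of another shop form',
];

$candidates = [
    'wildcard /store/*'     => ['/store/*'],
    'exact store/thank-you' => ['store/thank-you'],
];

foreach ($candidates as $label => $patterns) {
    echo $label, PHP_EOL;
    foreach ($routes as $path => $what) {
        $state = csrfExempt($patterns, $path) ? 'CSRF check SKIPPED' : 'CSRF check enforced';
        printf("  %-27s %-20s (%s)%s", $path, $state, $what, PHP_EOL);
    }
}
```

With the wildcard, the shop's own checkout POST and every other form under /store lose their CSRF check as well; the exact path exempts only the gateway return.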

paradox's avatar

@IamCrazyD Good to hear that. In that case I would appreciate it if you closed the thread by accepting an answer. Let others looking for help benefit too.

biswajitdey's avatar

How do I integrate Indipay with Laravel 4.2 for CCAvenue payments? I have installed the package and mentioned the credentials. But this error is shown: Error Code: 10002 Merchant Authentication failed

Please, can anyone help me with this?

biswajitdey's avatar

I have started my thread, but no one is replying @Snapey