Jan 21, 2021

Level 11

Catch Token mismatch exception in Exception handler

I think in previous versions of laravel I had no problem catching the Token mismatch exception. Is anything modified in the latest version? I can't catch the Token mismatch exception.

// App\Exceptions\Handler
// for other exceptions, the code runs correctly
$this->renderable(function (ValidationException $e, $request) {
    return response()->json([
        'status' => 'error',
        'message' => $e->getMessage(),
        'data' => [
            'errors' => $e->validator->errors()->messages(),
        ],
    ]);
});

// App\Exceptions\Handler
// but when Token mismatch triggered, the code will never run
$this->renderable(function (TokenMismatchException $e, $request) {
    return response()->json([
        'status' => 'error',
        'message' => 'You have been logged out due to prolonged inactivity. Please try logging in again.',
        'data' => []
    ]);
});

guybrush_threepwood

5 years ago

Best Answer

Level 33

Hi @inyansuta

It looks like Laravel converts the TokenMismatchException to a general HttpException (419) when preparing the exceptions:

https://github.com/laravel/framework/blob/0076fc98a4aea00997764552bee17a86531cf605/src/Illuminate/Foundation/Exceptions/Handler.php#L318

https://github.com/laravel/framework/blob/0076fc98a4aea00997764552bee17a86531cf605/src/Illuminate/Foundation/Exceptions/Handler.php#L372

So, if you want it to throw a TokenMismatchException I believe you should add the prepareException() method to your app\Exceptions\Handler.php and modify it to suit your needs.

Either that or catch the HttpException and check the error code (419).

Regards

1 like

inyansuta

5 years ago

Level 11

@guybrush_threepwood

Thanks a lot, it's exactly as you write.

1 like

guybrush_threepwood

5 years ago

Level 33

You're welcome

inyansuta

5 years ago

Level 11

@guybrush_threepwood

Today I found out that I can't catch the Internal server error (status 500). It should be an ErrorException, however none of the definitions below will run ...

// if the server returns 500, it will not execute
$handler->renderable(function (\Exception $e, $request) {
    ...
});

// if the server returns 500, it will not execute
$handler->renderable(function (\ErrorException $e, $request) {
    ...
});

Laravel's documentation is silent, I also didn't find anything in the forums. Can you help?

guybrush_threepwood

5 years ago

Level 33

Hi @inyansuta

I don't fully understand how the exception handler works, but it looks like you should attempt to customize the prepareResponse() method in order to avoid the exception being converted to a generic HttpException and rendered as an IlluminateResponse:

https://github.com/laravel/framework/blob/0076fc98a4aea00997764552bee17a86531cf605/src/Illuminate/Foundation/Exceptions/Handler.php#L451

Notice how non HttpExceptions are handled differently when in debug mode (in order to render the exception with "Whoops").

inyansuta

5 years ago

Level 11

Hi @guybrush_threepwood, thank you very mutch, I'm going to try to find out more.

1 like

Snapey

5 years ago

Level 122

Depends on the error cause... running out of memory will stop your application in its tracks for instance.

clem

1 year ago

Level 34

For the Laravel 11 skeleton:

Since Laravel converts the TokenMismatchException to a HttpException, this is the only way I managed to catch the CSRF exceptions:

use Illuminate\Http\Request;
use Symfony\Component\HttpKernel\Exception\HttpException;

return Application::configure(basePath: dirname(__DIR__))
    // [...]
    ->withExceptions(function (Exceptions $exceptions) {
        $exceptions->render(function (HttpException $e, Request $request) {
            if ($e->getStatusCode() === 419) {
                // 
            }
        });
    });

Please or to participate in this conversation.