search

dingo / api

A RESTful API package for the Laravel and Lumen frameworks.
BSD 3-Clause "New" or "Revised" License
9.33k stars 1.25k forks source link

Session store not set on request thrown on Custom Exception #1684

Closed eyalgrossdev closed 3 years ago

eyalgrossdev commented 4 years ago
Q A
Bug? no?
New Feature? no
Framework Laravel
Framework version 5.8
Package version 2.2.3
PHP version 7.2

Actual Behaviour

I have a couple of custom middleware classes that perform custom authentication and authorization for my api. In both I am throwing several custom exceptions all registered in the provider as per recommendation in the wiki

$handler->register(function (MissingApiKey $exception) {
  return Response::make(['error' => trans('api.exceptions.missing_api_key')], 400);
});

$handler->register(function (InvalidApiKey $exception) {
  return Response::make(['error' => trans('api.exceptions.invalid_api_key')], 401);
});        

$handler->register(function (Unauthorized $exception) {
  return Response::make(['error' => trans('api.exceptions.unauthorized')], 403);
});

Each custom Exception extends Symfony\Component\HttpKernel\Exception\HttpException; again as recommended in the wiki.

Upon testing the exceptions each is being thrown correctly with the custom error message being displayed in Postman except for the InvalidApiKey exception which displays as 

{
    "message": "Session store not set on request.",
    "status_code": 500
}

Here is the relevant stacktrace from the log

[2019-10-02 08:40:23] local.ERROR: Session store not set on request. {"exception":"[object] (RuntimeException(code: 0): Session store not set on request. at ..\\vendor\\laravel\\framework\\src\\Illuminate\\Http\\Request.php:484)
[stacktrace]
#0 ...\\app\\Library\\Exceptions\\Handler.php(159): Illuminate\\Http\\Request->session()
#1 ...\\app\\Library\\Exceptions\\Handler.php(81): ...\\Exceptions\\Handler->reportHttpException(Object(...\\Api\\V2\\Exceptions\\InvalidApiKey))
#2 ...\\vendor\\dingo\\api\\src\\Exception\\Handler.php(78): ...\\Exceptions\\Handler->report(Object(...\\Api\\V2\\Exceptions\\InvalidApiKey))
#3 ...\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Pipeline.php(81): Dingo\\Api\\Exception\\Handler->report(Object(...\\Api\\V2\\Exceptions\\InvalidApiKey))
#4 ...\\vendor\\laravel\\framework\\src\\Illuminate\\Routing\\Pipeline.php(55): Illuminate\\Routing\\Pipeline->handleException(Object(Dingo\\Api\\Http\\Request), Object(...\\Api\\V2\\Exceptions\\InvalidApiKey))

Expected Behaviour

I expect this exception to be thrown and caught in the same way as the others. There is no difference between them.

Steps to Reproduce

I hit the endpoint in Postman with an invalid api key which would throw the exception

Possible Solutions

No idea unfortunately. :(

specialtactics commented 4 years ago

Hey, I think the problem lies in your own Handler.php, specifically \App\Library\Exceptions\Handler.php

If you look at your stack trace, you are trying to access the session of the request, but for REST API requests, typically there is no session. #0 ...\\app\\Library\\Exceptions\\Handler.php(159): Illuminate\\Http\\Request->session()

If you are still unsure, you might want to post the code for your Handler class there.