Asked  7 Months ago    Answers:  5   Viewed   35 times

I've a payment system, where data is submitted to 3rd party site and than hauled back...

When data returns it hits specific url lets say /ok route. $_REQUEST['transaction'].

But because of laravel middleware I'm getting token mismatch. There is no way 3rd party payment API can generate token, so how I disable it? only for this route?

or is there a better option?

Route::get('/payment/ok',   'TransactionsController@Ok');
Route::get('/payment/fail', 'TransactionsController@Fail');

public function Ok( Request $request )
{
    $transId = $request->get('trans_id');

    if ( isset( $transId ) )
    {

        return $transId;

    }

}

 Answers

81

Since version 5.1 Laravel's VerifyCsrfToken middleware allows to specify routes, that are excluded from CSRF validation. In order to achieve that, you need to add the routes to $except array in your AppHttpMiddlewareVerifyCsrfToken.php class:

<?php namespace AppHttpMiddleware;

use IlluminateFoundationHttpMiddlewareVerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
  protected $except = [
    'payment/*',
  ];
}

See the docs for more information.

Wednesday, March 31, 2021
 
axiomer
answered 7 Months ago
95

Do you want to specifically log info to one log file and another log type to another location? My solution might not help in that case, but could still be useful.

To write a log file to another location, use the method useDailyFiles or useFiles, and then info to log to the log file at the path you just specified. Like so:

    Log::useDailyFiles(storage_path().'/logs/name-of-log.log');
    Log::info([info to log]);

The first parameter for both methods is the path of the log file (which is created if it doesn't already exist) and for useDailyFiles the second argument is the number of days Laravel will log for before erasing old logs. The default value is unlimited, so in my example I haven't entered a value.

Wednesday, March 31, 2021
 
Gil
answered 7 Months ago
Gil
38

Remove the IlluminateFoundationHttpMiddlewareVerifyCsrfToken and IlluminateViewMiddlewareShareErrorsFromSession classes from your middleware too. These features require sessions.

Not required but I'd also probably suggest setting your session driver to array, just so that if any features you are using require the sessions feature they can at least work without throwing errors. The array driver, as it suggests, stores all the session data in a standard PHP array so everything is erased as soon as the request is completed.

Saturday, May 29, 2021
 
Daveel
answered 5 Months ago
44

I think the easiest way would be creation your own validation rule. It could looks like.

Validator::extend('empty_if', function($attribute, $value, $parameters, IlluminateValidationValidator $validator) {

    $fields = $validator->getData(); //data passed to your validator

    foreach($parameters as $param) {
        $excludeValue = array_get($fields, $param, false);

        if($excludeValue) { //if exclude value is present validation not passed
            return false;
        }
    }

    return true;
});

And use it

    $this->validate($request, [
    'name'  =>  'required|max:255',
    'url'   =>  'empty_if:route|url',
    'route' =>  'empty_if:url|route',
    'parent_items'=>  'sometimes|required|integer'
]);

P.S. Don't forget to register this in your provider.

Edit

Add custom message

1) Add message 2) Add replacer

Validator::replacer('empty_if', function($message, $attribute, $rule, $parameters){
    $replace = [$attribute, $parameters[0]];
    //message is: The field :attribute cannot be filled if :other is also filled
    return  str_replace([':attribute', ':other'], $replace, $message);
});
Saturday, May 29, 2021
 
Oshrib
answered 5 Months ago
79

Remove the middleware from HomeController construct:

class HomeController extends Controller
{
    /**
     * Create a new controller instance.
     *
     * @return void
     */
    public function __construct()
    {
        //$this->middleware('auth');
    }
}
Tuesday, August 10, 2021
 
d8aninja
answered 3 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :