If a user is authenticated and an error is thrown, the default exception handler tries to attach user-specific context to the whoops page. This causes the whole app to crash for non-eloquent user models.
This happens because Illuminate\Foundation\Exceptions\Handler line 152 references the email property on a user. The catch block only catches Exception classes. Because of changes to PHP7 error handling, this is no longer sufficient when a Throwable is thrown. http://php.net/manual/en/language.errors.php7.php
As the Error hierarchy does not inherit from Exception, code that uses catch (Exception $e) { ... } blocks to handle uncaught exceptions in PHP 5 will find that these Errors are not caught by these blocks. Either a catch (Error $e) { ... } block or a set_exception_handler() handler is required.
Steps To Reproduce:
You need to meet the following conditions to see the issue:
An exception must be thrown in the request cycle
You must be logged in
You are using an authenticatable object that does not have a public $email property
I use Doctrine for authentication but I can reproduce this issue without any database.
Example Code to Reproduce
In App/User.php
```php
namespace App;

use Illuminate\Contracts\Auth\Access\Authorizable;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Contracts\Auth\CanResetPassword;
use Illuminate\Notifications\Notifiable;

class User implements Authenticatable, Authorizable, CanResetPassword {
    use Notifiable, \Illuminate\Auth\Authenticatable, \Illuminate\Foundation\Auth\Access\Authorizable, \Illuminate\Auth\Passwords\CanResetPassword;

    protected $email;

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = [
        'name', 'email', 'password',
    ];

    /**
     * The attributes that should be hidden for arrays.
     *
     * @var array
     */
    protected $hidden = [
        'password', 'remember_token',
    ];

    public function getKeyName()
    {
        return 'email';
    }
}
```
In my web.php routes file:
```php
use App\User;

Route::get('/', function () {
    Auth::login(new User());
    throw new Exception('test');
});
```
Then simply navigate to the '/' path of your project.
Fix
If the catch block on Line 154 of Illuminate\Foundation\Exceptions\Handler is widened to \Throwable instead of \Exception classes, this is resolved.
I will try to write a test to catch this issue and submit a PR shortly
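The catch-width problem described in this issue, reduced to a stand-alone script. This is an added example, not code from the issue or from Laravel; `DemoUser`, `contextNarrow` and `contextWide` are hypothetical names, and the context lookup is modelled only on the issue's description of the handler.

```php
<?php
// Added illustration: hypothetical names, not Laravel's handler code.

final class DemoUser
{
    // Protected, like the User class in the issue: not readable from outside.
    protected $email = 'user@example.test'; // constructed sample value

    public function getAuthIdentifier(): int
    {
        return 42; // constructed sample value
    }
}

// Reads user context the way the issue describes; only Exception is caught.
function contextNarrow(DemoUser $user): array
{
    try {
        return ['userId' => $user->getAuthIdentifier(), 'email' => $user->email];
    } catch (Exception $e) {
        return [];
    }
}

// Same lookup with the catch widened to Throwable, the fix the issue proposes.
function contextWide(DemoUser $user): array
{
    try {
        return ['userId' => $user->getAuthIdentifier(), 'email' => $user->email];
    } catch (Throwable $e) {
        return []; // context is optional; error reporting must keep working
    }
}

$user = new DemoUser();

try {
    contextNarrow($user);
    echo "narrow catch: context collected\n";
} catch (Error $e) {
    // Reached on PHP 7+: the protected-property access raises Error, not Exception.
    echo 'narrow catch: ', get_class($e), ' escaped: ', $e->getMessage(), "\n";
}

echo 'wide catch: ', json_encode(contextWide($user)), "\n";
```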