[TokenMismatchException] every minute in the logs

By Axis, 10 years ago


Hello,

Looking at my API's logs, I noticed that a TokenMismatchException error appears every minute...

At first I thought it was an Ajax request failing, but no.

So I tried logging out and creating a blank login page, so no calls to any third-party files (JS/CSS), and the error keeps incrementing every minute...

Would you have any idea where this could come from? I'd bet on a misbehaving package, but how do I find it?

Here is the error:

[2016-05-10 18:18:42] local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:67 Stack trace: #0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure)) #1 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #2 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #3 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #4 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #5 [internal function]: Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure)) #6 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #7 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #8 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #9 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #10 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure)) #11 
/Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #12 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #13 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #14 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #15 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure)) #16 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #18 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #19 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #20 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure)) #21 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #22 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #23 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #24 [internal 
function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #25 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #26 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Router.php(726): Illuminate\Pipeline\Pipeline->then(Object(Closure)) #27 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Router.php(699): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request)) #28 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Router.php(675): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request)) #29 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(246): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request)) #30 [internal function]: Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request)) #31 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(52): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #32 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(50): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #33 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure)) #34 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #35 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #36 
/Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #37 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #38 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #39 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(132): Illuminate\Pipeline\Pipeline->then(Object(Closure)) #40 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(99): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request)) #41 /Users/Nicolas/Sites/Projets/rage/public/index.php(54): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request)) #42 {main} [2016-05-10 18:18:42] local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php:67 Stack trace: #0 [internal function]: Illuminate\Foundation\Http\Middleware\VerifyCsrfToken->handle(Object(Illuminate\Http\Request), Object(Closure)) #1 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #2 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #3 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #4 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/View/Middleware/ShareErrorsFromSession.php(49): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #5 [internal function]: 
Illuminate\View\Middleware\ShareErrorsFromSession->handle(Object(Illuminate\Http\Request), Object(Closure)) #6 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #7 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #8 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #9 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(62): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #10 [internal function]: Illuminate\Session\Middleware\StartSession->handle(Object(Illuminate\Http\Request), Object(Closure)) #11 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #12 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #13 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #14 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #15 [internal function]: Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse->handle(Object(Illuminate\Http\Request), Object(Closure)) #16 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #17 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #18 
/Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #19 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(59): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #20 [internal function]: Illuminate\Cookie\Middleware\EncryptCookies->handle(Object(Illuminate\Http\Request), Object(Closure)) #21 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #22 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #23 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #24 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #25 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #26 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Router.php(726): Illuminate\Pipeline\Pipeline->then(Object(Closure)) #27 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Router.php(699): Illuminate\Routing\Router->runRouteWithinStack(Object(Illuminate\Routing\Route), Object(Illuminate\Http\Request)) #28 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Router.php(675): Illuminate\Routing\Router->dispatchToRoute(Object(Illuminate\Http\Request)) #29 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(246): Illuminate\Routing\Router->dispatch(Object(Illuminate\Http\Request)) #30 [internal function]: 
Illuminate\Foundation\Http\Kernel->Illuminate\Foundation\Http\{closure}(Object(Illuminate\Http\Request)) #31 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(52): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #32 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php(50): Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #33 [internal function]: Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode->handle(Object(Illuminate\Http\Request), Object(Closure)) #34 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(136): call_user_func_array(Array, Array) #35 [internal function]: Illuminate\Pipeline\Pipeline->Illuminate\Pipeline\{closure}(Object(Illuminate\Http\Request)) #36 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(32): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #37 [internal function]: Illuminate\Routing\Pipeline->Illuminate\Routing\{closure}(Object(Illuminate\Http\Request)) #38 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(103): call_user_func(Object(Closure), Object(Illuminate\Http\Request)) #39 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(132): Illuminate\Pipeline\Pipeline->then(Object(Closure)) #40 /Users/Nicolas/Sites/Projets/rage/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(99): Illuminate\Foundation\Http\Kernel->sendRequestThroughRouter(Object(Illuminate\Http\Request)) #41 /Users/Nicolas/Sites/Projets/rage/public/index.php(54): Illuminate\Foundation\Http\Kernel->handle(Object(Illuminate\Http\Request)) #42 {main}

8 replies

Axis, 10 years ago

Well, I uninstalled all my packages one by one and still the same error...

Axis, 10 years ago

After many tests and file deletions, I finally isolated 2 methods (called via AJAX) that were affected by the error and excluded them from the CSRFTOKEN middleware...

If anyone has an idea, I'm still interested.

The 2 methods:

// Return the 5 most recent notifications of the authenticated user.
public function retrieveNotifications(){
    $notifications = User::findOrFail(Auth::id())
        ->notifications()
        ->orderBy('created_at', 'DESC')
        ->take(5)
        ->get();

    foreach($notifications as $notification):
        // Human-readable age of the notification
        $notification->time = $notification->created_at->diffForHumans();
    endforeach;

    return response()->json($notifications);
}

// Return the number of unread notifications of the authenticated user.
public function getNewNotificationsNumber(){
    $notifications = User::findOrFail(Auth::id())
        ->notifications()
        ->where('read', false)
        ->get()
        ->count();

    return response()->json($notifications);
}

The AJAX call:

// CSRF token rendered into the page by Blade
var _TOKEN = '{{ Session::token() }}';

function getNewNotificationsNumber(){
    $.ajax({
        type: "POST",
        url: url + "/getNewNotificationsNumber",
        data: {_token: _TOKEN},
        success: function(data){
            if(data > 0){
                $('#notifNum').text(data).fadeIn();
            }
            else{
                $('#notifNum').fadeOut();
            }
        },
        error: function(data){
            console.log(data);
        }
    });
}

function retrieveNotifications(){
    $('#notif-dropdown').children().remove();
    $.ajax({
        type: "POST",
        url: url + "/retrieveNotifications",
        data: {_token: _TOKEN},
        success: function(data){
            $.each(data, function(i, index) {
                //[...]
            });
        },
        error: function(data){
            console.log(data);
        }
    });
}

function checkNotifications(){
    getNewNotificationsNumber();
    retrieveNotifications();
    // Poll again in 60 seconds
    setTimeout(checkNotifications, 60000);
}

checkNotifications();

I should point out that my 2 methods do return a 200 status and a correct response.

AlexJM, 10 years ago

Try changing Session::token() to csrf_token()

Axis, 10 years ago

Same struggle with csrf_token() :-(

Grafikart, 10 years ago

Does the error come from you (when you try to log in)? Maybe you have a bot that keeps testing your login form?

Axis, 10 years ago

@Grafikart: how do I check whether a bot is running?
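
One way to approach the question above, as an added example that is not part of the original thread: correlate the timestamps of the TokenMismatchException entries with the web server's access log to see which client, path and user agent sent a CSRF-checked request at those moments. It assumes a combined-format access log written in the same timezone as the Laravel log; the sample lines are constructed and the function names are hypothetical.

```javascript
// Constructed sample data (not from the thread): Laravel log entries and a web-server access log.
const LARAVEL_LOG = String.raw`
[2016-05-10 18:17:42] local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in VerifyCsrfToken.php:67
[2016-05-10 18:18:42] local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in VerifyCsrfToken.php:67
[2016-05-10 18:19:42] local.ERROR: exception 'Illuminate\Session\TokenMismatchException' in VerifyCsrfToken.php:67`;
const ACCESS_LOG = `
127.0.0.1 - - [10/May/2016:18:17:42 +0200] "POST /getNewNotificationsNumber HTTP/1.1" 500 0 "http://localhost/login" "Mozilla/5.0"
127.0.0.1 - - [10/May/2016:18:17:50 +0200] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2016:18:18:05 +0200] "POST /login HTTP/1.1" 302 0 "-" "curl/7.43.0"
127.0.0.1 - - [10/May/2016:18:18:42 +0200] "POST /getNewNotificationsNumber HTTP/1.1" 500 0 "http://localhost/login" "Mozilla/5.0"
127.0.0.1 - - [10/May/2016:18:19:42 +0200] "POST /getNewNotificationsNumber HTTP/1.1" 500 0 "http://localhost/login" "Mozilla/5.0"`;

const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5, Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };
const READ_ONLY = new Set(['GET', 'HEAD', 'OPTIONS']); // methods VerifyCsrfToken does not check

// Parse one combined-format access-log line; returns null when the line does not match.
function parseAccessLine(line) {
  const m = line.match(/^(\S+) \S+ \S+ \[(\d+)\/(\w+)\/(\d+):(\d+):(\d+):(\d+) [^\]]+\] "(\S+) (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"/);
  if (!m) return null;
  const t = Date.UTC(+m[4], MONTHS[m[3]], +m[2], +m[5], +m[6], +m[7]) / 1000; // offset ignored (assumption: same timezone)
  return { ip: m[1], t, method: m[8], path: m[9], ua: m[10] };
}

// Timestamps (in seconds) of every TokenMismatchException entry in a Laravel log.
function mismatchTimes(laravelLog) {
  const re = /\[(\d+)-(\d+)-(\d+) (\d+):(\d+):(\d+)\] \S+: exception 'Illuminate\\Session\\TokenMismatchException'/g;
  return [...laravelLog.matchAll(re)].map(m => Date.UTC(+m[1], m[2] - 1, +m[3], +m[4], +m[5], +m[6]) / 1000);
}

// Group CSRF-checked requests by client and path; keep the groups that coincide with an exception.
function suspects(accessLog, laravelLog, toleranceSec = 1) {
  const errors = mismatchTimes(laravelLog);
  const groups = new Map();
  for (const line of accessLog.split('\n')) {
    const r = parseAccessLine(line.trim());
    if (!r || READ_ONLY.has(r.method)) continue;
    const key = `${r.ip} ${r.method} ${r.path} ${r.ua}`;
    if (!groups.has(key)) groups.set(key, { ...r, times: [] });
    groups.get(key).times.push(r.t);
  }
  return [...groups.values()].map(g => {
    const gaps = g.times.slice(1).map((t, i) => t - g.times[i]).sort((a, b) => a - b);
    const matched = g.times.filter(t => errors.some(e => Math.abs(e - t) <= toleranceSec)).length;
    return { ip: g.ip, method: g.method, path: g.path, ua: g.ua, hits: g.times.length, matched,
             medianGapSec: gaps.length ? gaps[Math.floor(gaps.length / 2)] : null };
  }).filter(g => g.matched > 0).sort((a, b) => b.matched - a.matched);
}
console.log(suspects(ACCESS_LOG, LARAVEL_LOG));
```

A group with a local address, a browser user agent and a steady 60-second gap points at the application's own polling; an unfamiliar address or user agent on the login route would point at an outside client.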

Axis, 10 years ago

I really don't understand, because my token is indeed sent to my 2 methods via AJAX, since if I remove it I get a 500 response on my calls...

Onouriis, 10 years ago

Personally, I put a meta field in the head:

<meta name="csrf-token" content="{{ csrf_token() }}">

and at the beginning of my JS file, I put:

$.ajaxSetup({
    headers: {
        'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')
    }
});