25

It is common that errors from Authentication and CSRF arise when running phpunit.

In the TestCase we use:

use WithoutMiddleware;

The problem is when forms fail, it usually comes back with a Flash Message and Old Input. We have disabled all middleware so we have no access to Input::old('username'); or the flash message.

Furthermore our tests of this failed form post returns:

Caused by
exception 'RuntimeException' with message 'Session store not set on request.

Is there a way to enable the Session Middleware and disable everything else.

tread
  • 10,133
  • 17
  • 95
  • 170
  • You may also want to have a look on this https://github.com/laravel/internals/issues/506#issuecomment-291552399 – ira May 04 '17 at 09:34

6 Answers6

33

The best way I have found to do this isn't by using the WithoutMiddleware trait but by modifying the middleware you want to disable. For example, if you want to disable the VerifyCsrfToken middleware functionality in your tests you can do the following.

Inside app/Http/Middleware/VerifyCsrfToken.php, add a handle method that checks the APP_ENV for testing.

public function handle($request, Closure $next)
{
    if (env('APP_ENV') === 'testing') {
        return $next($request);
    }

    return parent::handle($request, $next);
}

This will override the handle method inside of Illuminate\Foundation\Http\Middleware\VerifyCsrfToken, disabling the functionality entirely.

Kyslik
  • 8,217
  • 5
  • 54
  • 87
Enijar
  • 6,387
  • 9
  • 44
  • 73
  • 3
    nice solution, easy to read and understand. btw, `env('APP_ENV')` can be replaces with `app()->env` which is a little bit nicer :) – Limon Monte Dec 18 '15 at 14:39
  • 1
    Thank you. If anyone is looking to override the VerifyCSRF handle method and you get a `Argument 2 needs to be of type App\Http\Middleware\Closure` check this [answer](http://stackoverflow.com/questions/33121192/laravel-5-1-prevent-csrf-mismatch-from-throwing-exception) – tread Dec 18 '15 at 16:21
  • 8
    instead of checking directly `env('APP_ENV')` you can use `app()->runningUnitTests()` (which internally will do the same evaluation but will still work if the env values change in the future). – Miquel Correa Casablanca Jan 30 '18 at 11:02
30

Laravel >= 5.5

As of Laravel 5.5, the withoutMiddleware() method allows you to specify the middleware to disable, instead of disabling them all. So, instead of modifying all of your middleware to add env checks, you can just do this in your test:

$this->withoutMiddleware(\App\Http\Middleware\VerifyCsrfToken::class);

Laravel < 5.5

If you're on Laravel < 5.5, you can implement the same functionality by adding the updated method to your base TestCase class to override the functionality from the framework TestCase.

PHP >= 7

If you're on PHP7+, add the following to your TestCase class, and you'll be able to use the same method call mentioned above. This functionality uses an anonymous class, which was introduced in PHP7.

/**
 * Disable middleware for the test.
 *
 * @param  string|array|null  $middleware
 * @return $this
 */
public function withoutMiddleware($middleware = null)
{
    if (is_null($middleware)) {
        $this->app->instance('middleware.disable', true);

        return $this;
    }

    foreach ((array) $middleware as $abstract) {
        $this->app->instance($abstract, new class {
            public function handle($request, $next)
            {
                return $next($request);
            }
        });
    }

    return $this;
}

PHP < 7

If you're on PHP < 7, you'll have to create an actual class file, and inject that into the container instead of the anonymous class.

Create this class somewhere:

class FakeMiddleware
{
    public function handle($request, $next)
    {
        return $next($request);
    }
}

Override the withoutMiddleware() method in your TestCase and use your FakeMiddleware class:

/**
 * Disable middleware for the test.
 *
 * @param  string|array|null  $middleware
 * @return $this
 */
public function withoutMiddleware($middleware = null)
{
    if (is_null($middleware)) {
        $this->app->instance('middleware.disable', true);

        return $this;
    }

    foreach ((array) $middleware as $abstract) {
        $this->app->instance($abstract, new FakeMiddleware());
    }

    return $this;
}
patricus
  • 59,488
  • 15
  • 143
  • 145
  • 2
    I've just wasted a good 30 min trying to figure out why that particular middleware was still running despite I added `$this->withoutMiddleware('friendly-alias-name');` to my test. Turns out you _have_ to use the middleware class name and not the friendly alias. – kolaente Aug 14 '21 at 17:27
2

You can use trait in test:

use Illuminate\Foundation\Testing\WithoutMiddleware;

Laravel >= 5.7

Denis Silva
  • 135
  • 5
1

I might be late, but what I've figured it out:

$this->withoutMiddleware([
   'email-verified', //alias does NOT work
   EnsureEmailIsVerified::class //Qualified class name DOES WORK
]);
Ali Raza
  • 842
  • 7
  • 13
0

The following worked for me:

use WithoutMiddleware;

public function setUp(): void
{
    parent::setUp();
    $this->withoutMiddleware();
}
meda
  • 45,103
  • 14
  • 92
  • 122
  • It had been there for ages, so why do you need to call the method? https://github.com/laravel/framework/blob/9.x/src/Illuminate/Foundation/Testing/TestCase.php#L134 https://github.com/laravel/framework/blob/9.x/src/Illuminate/Foundation/Testing/WithoutMiddleware.php – ssi-anik Mar 23 '22 at 13:49
0
The withoutMiddleware method can only remove route middleware and does not apply to global middleware.

From https://laravel.com/docs/8.x/middleware

Harry Bosh
  • 3,611
  • 2
  • 36
  • 34