Laravel 5 Token mismatch on POST request

Question

It is appening something that is very strange:

I'm implementing in Laravel 5, the Iron message queue in order to differ the request, from long tasks executions. Once I've pushed a message into the Iron's queue, it sends a POST request to a predefined route, in order to wake up the long running process (Push Queue approach).

I've this route file:

Route::post('queue/receive', function()
    {
        //start long task exec
        return Queue::marshal();
    });

/* garantisco il logout agli utenti*/
Route::get('auth/logout', 'Auth\AuthController@getLogout');

/* redirect degli utenti loggati */
Route::group(['middleware' => 'guest'], function()
{

    Route::get('/', 'WelcomeController@index');

    Route::controllers([
        'auth' => 'Auth\AuthController',
        'password' => 'Auth\PasswordController',
    ]);
});

Route::group(['middleware' => 'auth'], function()
{
    Route::get('home', 'HomeController@index');
});

The first route defined is the endpoint that IronMQ will call. I know that token mismatch is a popular problem using the "VerifyCsrfToken" middleware (same as filter in L4). The incredible thing is that I've disabled this middleware, but the problem persists. This is my kernel's middlewares:

class Kernel extends HttpKernel {

    /**
     * The application's global HTTP middleware stack.
     *
     * @var array
     */

    protected $middleware = [
        'Illuminate\Foundation\Http\Middleware\CheckForMaintenanceMode',
        'Illuminate\Cookie\Middleware\EncryptCookies',
        'Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse',
        'Illuminate\Session\Middleware\StartSession',
        'Illuminate\View\Middleware\ShareErrorsFromSession',
        //'LabelCreator\Http\Middleware\VerifyCsrfToken',
    ];

    /**
     * The application's route middleware.
     *
     * @var array
     */
    protected $routeMiddleware = [
        'auth' => 'LabelCreator\Http\Middleware\Authenticate',
        'auth.basic' => 'Illuminate\Auth\Middleware\AuthenticateWithBasicAuth',
        'guest' => 'LabelCreator\Http\Middleware\RedirectIfAuthenticated',
    ];

}

As you can see, "VerifyCsrfToken" is disabled but testing the post request from local env, now I'm getting this error:

    DecryptException in Encrypter.php line 142:
Invalid data.
in Encrypter.php line 142
at Encrypter->getJsonPayload('') in Encrypter.php line 92
at Encrypter->decrypt('') in IronQueue.php line 214
at IronQueue->parseJobBody('') in IronQueue.php line 173
at IronQueue->marshalPushedJob() in IronQueue.php line 159
at IronQueue->marshal()
at call_user_func_array(array(object(IronQueue), 'marshal'), array()) in QueueManager.php line 223
at QueueManager->__call('marshal', array()) in Facade.php line 207
at QueueManager->marshal() in Facade.php line 207
at Facade::__callStatic('marshal', array()) in routes.php line 17
at Queue::marshal() in routes.php line 17
at RouteServiceProvider->{closure}()
at call_user_func_array(object(Closure), array()) in Route.php line 153
at Route->runCallable(object(Request)) in Route.php line 128
at Route->run(object(Request)) in Router.php line 691
at Router->Illuminate\Routing\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 141
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Router.php line 693
at Router->runRouteWithinStack(object(Route), object(Request)) in Router.php line 660
at Router->dispatchToRoute(object(Request)) in Router.php line 618
at Router->dispatch(object(Request)) in Kernel.php line 210
at Kernel->Illuminate\Foundation\Http\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 141
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in ShareErrorsFromSession.php line 55
at ShareErrorsFromSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in StartSession.php line 61
at StartSession->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in AddQueuedCookiesToResponse.php line 36
at AddQueuedCookiesToResponse->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in EncryptCookies.php line 40
at EncryptCookies->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request)) in CheckForMaintenanceMode.php line 42
at CheckForMaintenanceMode->handle(object(Request), object(Closure)) in Pipeline.php line 125
at Pipeline->Illuminate\Pipeline\{closure}(object(Request))
at call_user_func(object(Closure), object(Request)) in Pipeline.php line 101
at Pipeline->then(object(Closure)) in Kernel.php line 111
at Kernel->sendRequestThroughRouter(object(Request)) in Kernel.php line 84
at Kernel->handle(object(Request)) in index.php line 53

I've tried to comment the others middlewares, but the problem persists. What Iron is doing is a simple POST request to my endpoint, like webhooks do. What is the problem? I don't think is a session's problem, because Iron is a simple thirdy part service that call an endpoint, and if it remains a "guest" client for my app it is ok.

Can anyone help me? thanks in advance

Answer 1

I've found the problem: I was testing the endpoint in local without a POST request payload, so the decryption doesn't work properly, but sniffing which payload IronMQ sends, using RequestBin (very useful tool), I've added the same payload to local test request, and now it works.

Hope it helps :)