mandant-crm/backend/app/Exceptions/Handler.php
Tim Stollberg abbd92ef85 fix(auth): return JSON 401 for unauthenticated requests unconditionally
The previous Authenticate::redirectTo() -> null fix was incomplete:
Laravel's default Handler::unauthenticated() still falls back to
route('login') via '$exception->redirectTo() ?? route('login')'
whenever the request isn't detected as expectsJson() (no Accept:
application/json or X-Requested-With header), which throws
RouteNotFoundException since this app has no named login route.

Override unauthenticated() directly so this pure-API backend always
returns a JSON 401, regardless of request headers.
2026-07-18 16:09:04 +07:00

42 lines
1.1 KiB
PHP

<?php
namespace App\Exceptions;
use Illuminate\Auth\AuthenticationException;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
use Illuminate\Http\JsonResponse;
use Throwable;
class Handler extends ExceptionHandler
{
/**
* The list of the inputs that are never flashed to the session on validation exceptions.
*
* @var array<int, string>
*/
protected $dontFlash = [
'current_password',
'password',
'password_confirmation',
];
/**
* Register the exception handling callbacks for the application.
*/
public function register(): void
{
$this->reportable(function (Throwable $e) {
//
});
}
/**
* This app is a pure JSON API (SPA frontend, no server-rendered login route),
* so unauthenticated requests always get a 401 JSON response instead of
* Laravel's default redirect-to-login fallback.
*/
protected function unauthenticated($request, AuthenticationException $exception): JsonResponse
{
return response()->json(['message' => $exception->getMessage()], 401);
}
}