Exceptions, Stack Trace Emails - samuelgrant/fight-for-kidz GitHub Wiki

Exception Emails

This page covers the website exception email notification system. This system has been included because developers would not be aware of bugs or faults unless they were notified by an administrator, a user or they saw a log entry when looking at other issues.

The Process

  1. An exception is thrown, usually an HTTP500 (Internal Server Error)
  2. The exception handler evaluates if the route is on the exclusions list, if the route is not on the exclusion list it creates an email job for each developer and submits it to the queue
  3. The normal exception process then continues. Includes but not limited to logging and displaying the exception or error page.

Adding/Removing users from the mailing list

Exception emails may include sensitive data including personal information for our guests, clients or information that could make the website vulnerable to attackers. As such we only allow user accounts access to these emails, as they have full access to the website already. A user will only receive these emails if their account:

  • is Active
  • has Exception Emails toggled On - This is done on the User Management page When an exception is thrown, every user account that meets the above criteria will be notified via email. You cannot send these emails to system groups.

Route Exclusion

You may wish to exclude certain routes for security reasons. This is done in the route handler /app/Exceptions/Handler.php

Example:

<?php

namespace App\Exceptions;

use App\User;
use Exception;
use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;

use Mail;
use App\Mail\ExceptionOccured;
use Symfony\Component\Debug\Exception\FlattenException;
use Symfony\Component\Debug\ExceptionHandler as SymfonyExceptionHandler;


class Handler extends ExceptionHandler
{
    /**
     * A list of the exception types that are not reported.
     *
     * @var array
     */
    protected $dontReport = [
        '/login/*'
    ];
     
    /**
    * Other exceptions go here which:
    * log the exception
    * display error pages
    * send an exception email if the route is not in the `$dontReport` array
    */
}