bert.hausmans
48f2a00564
PR-2 follow-up. The PR-2 backend SDK install passed unit tests because
they exercised the scrubber and the BindSentryContext scope writer in
isolation, but live exceptions from controllers never reached
GlitchTip — they were correctly logged to laravel.log but the report()
call had no Sentry-aware reporter to invoke.
Root cause: sentry-laravel 4.x does NOT auto-register an exception
reporter. The host application is required to wire Integration::handles
inside withExceptions in bootstrap/app.php (per the package README and
Sentry docs). Without it, report and Laravels automatic
report-before-render flow only hit the default log channel.
Fix: add Integration::handles at the top of withExceptions so
sentry-laravel registers a reportable callback that calls
captureUnhandledException for every reported throwable. Filtering
remains downstream:
- ignore_exceptions in config/sentry.php drops Validation,
Authentication, Authorization (RFC §3.10).
- SentryEventScrubber::scrub returns null for sub-500 HttpException
via the before_send hook (RFC §3.7).
Regression coverage: tests/Feature/Observability/ExceptionReportingTest
installs a real Sentry client with a recording before_send and exercises
the full request to capture pipeline through the auth and sentry.context
middleware. Five cases: RuntimeException IS captured (with §3.6 tags
attached), ValidationException is not, NotFoundHttpException 404 is
not, AuthorizationException 403 is not, request-context tags ride along
on the captured event.
Test count: 1532 to 1537. Larastan clean. Pint clean.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
156 lines
5.3 KiB
PHP
156 lines
5.3 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Feature\Observability;
|
|
|
|
use App\Models\Organisation;
|
|
use App\Models\User;
|
|
use Database\Seeders\RoleSeeder;
|
|
use Illuminate\Auth\Access\AuthorizationException;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Route;
|
|
use Illuminate\Validation\ValidationException;
|
|
use Laravel\Sanctum\Sanctum;
|
|
use RuntimeException;
|
|
use Sentry\ClientBuilder;
|
|
use Sentry\Event as SentryEvent;
|
|
use Sentry\EventHint;
|
|
use Sentry\SentrySdk;
|
|
use Sentry\State\Hub;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
use Tests\TestCase;
|
|
|
|
/**
|
|
* Regression coverage for the report() → sentry-laravel pipeline (PR-2
|
|
* follow-up). Captures the bug where unit tests passed (scope tagging
|
|
* verified, scrubbing verified) yet live exceptions never reached
|
|
* GlitchTip because `\Sentry\Laravel\Integration::handles($exceptions)`
|
|
* was missing from `bootstrap/app.php`.
|
|
*
|
|
* Strategy: install a recording `before_send` hook on a real Sentry
|
|
* client. Every exception that traverses the report pipeline lands here
|
|
* with its full event payload. Returning null prevents network egress.
|
|
*/
|
|
final class ExceptionReportingTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
/**
|
|
* Captured events received by the recording before_send hook.
|
|
*
|
|
* @var list<array{event: SentryEvent, hint: ?EventHint}>
|
|
*/
|
|
private static array $captured = [];
|
|
|
|
protected function setUp(): void
|
|
{
|
|
parent::setUp();
|
|
$this->seed(RoleSeeder::class);
|
|
|
|
self::$captured = [];
|
|
|
|
// Wire a real Sentry client whose before_send records events into
|
|
// the static buffer and returns null (drops, never networked).
|
|
$clientBuilder = ClientBuilder::create([
|
|
'dsn' => 'https://test@localhost/1',
|
|
'environment' => 'testing',
|
|
'release' => 'crewli-api@test',
|
|
'send_default_pii' => false,
|
|
'traces_sample_rate' => 0.0,
|
|
'profiles_sample_rate' => 0.0,
|
|
'ignore_exceptions' => [
|
|
ValidationException::class,
|
|
\Illuminate\Auth\AuthenticationException::class,
|
|
AuthorizationException::class,
|
|
],
|
|
'before_send' => static function (SentryEvent $event, ?EventHint $hint = null): ?SentryEvent {
|
|
self::$captured[] = ['event' => $event, 'hint' => $hint];
|
|
|
|
return null;
|
|
},
|
|
]);
|
|
|
|
$hub = new Hub($clientBuilder->getClient());
|
|
SentrySdk::setCurrentHub($hub);
|
|
|
|
// Test-only routes that exercise each branch of the
|
|
// ignore_exceptions / before_send / capture pipeline.
|
|
Route::middleware(['auth:sanctum', 'sentry.context'])->group(function (): void {
|
|
Route::get('_obs_runtime', static fn () => throw new RuntimeException('boom'))
|
|
->name('test.obs.runtime');
|
|
Route::get('_obs_validation', static function (): never {
|
|
throw ValidationException::withMessages(['email' => 'required']);
|
|
})->name('test.obs.validation');
|
|
Route::get('_obs_404', static fn () => throw new NotFoundHttpException('nope'))
|
|
->name('test.obs.404');
|
|
Route::get('_obs_403', static fn () => throw new AuthorizationException('denied'))
|
|
->name('test.obs.403');
|
|
});
|
|
}
|
|
|
|
private function actAsOrgAdmin(): void
|
|
{
|
|
$org = Organisation::factory()->create();
|
|
$user = User::factory()->create();
|
|
$org->users()->attach($user, ['role' => 'org_admin']);
|
|
$user->assignRole('org_admin');
|
|
Sanctum::actingAs($user);
|
|
}
|
|
|
|
public function test_runtime_exception_from_controller_is_captured(): void
|
|
{
|
|
$this->actAsOrgAdmin();
|
|
|
|
$this->getJson('/_obs_runtime')->assertStatus(500);
|
|
|
|
$this->assertCount(1, self::$captured, 'expected exactly one captured event');
|
|
$event = self::$captured[0]['event'];
|
|
$exceptions = $event->getExceptions();
|
|
$this->assertNotEmpty($exceptions);
|
|
$this->assertSame(RuntimeException::class, $exceptions[0]->getType());
|
|
$this->assertSame('boom', $exceptions[0]->getValue());
|
|
}
|
|
|
|
public function test_validation_exception_is_not_captured(): void
|
|
{
|
|
$this->actAsOrgAdmin();
|
|
|
|
$this->getJson('/_obs_validation')->assertStatus(422);
|
|
|
|
$this->assertCount(0, self::$captured);
|
|
}
|
|
|
|
public function test_not_found_http_exception_is_not_captured(): void
|
|
{
|
|
$this->actAsOrgAdmin();
|
|
|
|
$this->getJson('/_obs_404')->assertStatus(404);
|
|
|
|
$this->assertCount(0, self::$captured);
|
|
}
|
|
|
|
public function test_authorization_exception_is_not_captured(): void
|
|
{
|
|
$this->actAsOrgAdmin();
|
|
|
|
$this->getJson('/_obs_403')->assertStatus(403);
|
|
|
|
$this->assertCount(0, self::$captured);
|
|
}
|
|
|
|
public function test_runtime_exception_carries_request_context(): void
|
|
{
|
|
$this->actAsOrgAdmin();
|
|
|
|
$this->getJson('/_obs_runtime')->assertStatus(500);
|
|
|
|
$this->assertCount(1, self::$captured);
|
|
$tags = self::$captured[0]['event']->getTags();
|
|
// BindSentryContext should have set these on the scope before
|
|
// the exception fired in the controller.
|
|
$this->assertSame('api', $tags['app'] ?? null);
|
|
$this->assertSame('GET', $tags['http.method'] ?? null);
|
|
}
|
|
}
|