req.session.regenerate is not a function
haydarai opened this issue ยท 17 comments
It seems to be because of this jaredhanson/passport#907, probably a good idea to downgrade the passport version for now.
@rkusa : can you please downgrade ? This is really blocking me and I'm rethinking to switch to express if this is going to take a long time :/
@younes-io @haydarai Sole purpose of koa-passport 5.x was to upgrade passport to v6. So if you have to use an older version of passport, you can use koa-passport 4.x for now.
@rkusa koa-passport 5 uses passport v6 whereas koa-passport 4 uses passport v4. Since passport v5 seems to be the way to go for now, how does one handle that?
@nemphys Fair point. Passport v5 looks to me like it just stops extending http.IncomingMessage.prototype, which koa-passport already did from the begining (and all other minor releases are about fixes/compatibility for that change). However, I might be wrong. In this case, you could depend on koa-passport@4 and pin passport to v5 - the combination should work fine I think.
@rkusa right, this is doable, but I just realised that it beats my purpose to get rid of the passport < 0.6.0 vulnerability (which is the reason I wan to update koa-passport :-) )
Is there any ETA for this? I'm considering my options for what the best way would be to solve this problem within the next few weeks (waiting for a fix or refactoring)
@rkusa passport is defined as a dependency of koa-passport, not a peer dependency. So when using koa-passport@4, passport@0.4 will be used, not v0.5. Also, please note that all passport versions starts with 0., this is currently wrong in the README which speaks of v5 and v6, etc. See https://github.com/jaredhanson/passport/tags
I've added a fix to koa-session with which I am able to use koa-passport correctly, see: koajs/session#221
I am contemplating whether I should merge #187 (add a workaround to koa-passport) or point everyone to a custom middleware as a workaround (see #187 (comment)). Any opinions?
@rkusa I suppose the 2nd option is better; merging something like that in koa-passport would just be an ugly fix, so anyone interested (including myself) should take the responsibility of adding it to the codebase.
koa-session v6.4.0 was just released, with my PR linked above merged (koajs/session#221). This solves the issue without any workarounds needed.
Nice! What about koa-generic-session?
Perhaps the MR can serve as a scaffolding for the same change there? I don't use koa-generic-session, so won't have the time to look into it.
"koa-passport": "^6.0.0",
"koa-router": "^12.0.0",
"koa-session": "^6.4.0",
We get error: 2023-02-07T12:19:47.935Z error: uncaughtException: Cannot read properties of null (reading 'regenerate')
TypeError: Cannot read properties of null (reading 'regenerate')
at C:\d\node_modules\passport\lib\sessionmanager.js:83:17
at C:\d\node_modules\koa-session\lib\session.js:156:26
at processTicksAndRejections (node:internal/process/task_queues:95:5)
Please help, how to fix that?
@ilonaand the failing line of code is here:
req.session.regenerate(...)
So it looks like you don't have a session. Are you sure you're actually using the koa-session plugin?
Thanks, but we using koa-session
import session from 'koa-session';
import passport from 'koa-passport';
passport.serializeUser((user: unknown, done) => {
log.info('serializeUser', user);
done(null, (user as IUser).id);
});
passport.deserializeUser((id: string, done) => {
try {
log.info('deserializeUser', id);
const user = userService.findOne(id);
done(null, user);
} catch (err) {
done(err);
}
});
.use(session(Config, app))
.use(passport.initialize())
.use(passport.session())
The user logs in without errors, the session is created, and the error occurs immediately after logging out
Very strange. We have a setup very similar to do this, and it all works for us. The error message does hint at req.session missing, so the problem lies somewhere there.