passport
passport copied to clipboard
jaredhanson
req.session.regenerate is not a function since upgrade to 0.6.0
We have been using passport for some time within our application and have had no issues but once upgraded from 0.5.2 to 0.6.0 we are suddenly seeing an error when submitting authentication.
C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\sessionmanager.js:28
req.session.regenerate(function(err) {
^
TypeError: req.session.regenerate is not a function
at SessionManager.logIn (C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\sessionmanager.js:28:15)
at IncomingMessage.req.login.req.logIn (C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\http\request.js:39:26)
at Strategy.strategy.success (C:\stash\NTTSites\sites\fw-standards\node_modules\passport\lib\middleware\authenticate.js:256:13)
at verified (C:\stash\NTTSites\sites\fw-standards\node_modules\passport-local\lib\strategy.js:83:10)
at Strategy.runAuth [as _verify] (C:\stash\NTTSites\sites\fw-standards\utils\passport-authentication.js:60:10)
Our passport-authentication.js just initialises passport within expressJS and sets some local strategies.
I have rolled back to 0.5.3 and our application works fine again.
Environment
- Operating System: Windows 10
- Node version: 16.13.2
- passport version: 0.6.0
Thanks for the report. This is a duplicate of #904. I'd recommend pinning to 0.5.x, until I've had a chance to release an update with the new features described on the initial issue.
Passport 0.5.0 has a significant vulnerability, and when we update to 0.6.0, we see the error "TypeError: req.session.regenerate is not a function." Does that mean that anything relating to the session create issue needs to be manually edited?
Any update for March 2023? I see that @VottonDev has a fix in their separate repo..
Any update for March 2023? I see that @VottonDev has a fix in their separate repo..
Yeah, I'm using: https://github.com/joeyguerra/passport#missing-regenerate-on-req temporarily till passport fixes it upstream and that works for me so far when using the cookie-session module.
@VottonDev, what's the best way to apply the fix in joeyguerra's fork?
Well I've changed my package.json passport to
"passport": "github:joeyguerra/passport#missing-regenerate-on-req",
The PR for the fix is here, which is how I found it: https://github.com/jaredhanson/passport/pull/947
I am getting the below error when I logout from my application. I am using express-session module to manage the sessions. According to the above discussion is there a permanent fix for this or do I need to downgrade from Passport 0.6.0
/node_modules/passport/lib/sessionmanager.js:83
req.session.regenerate(function(err) {
^
TypeError: Cannot read properties of undefined (reading 'regenerate')
at Immediate.
Hi All,
Can anyone please confirm the status of this issue as this is currently blocking one of our production deployments? Is there a permanent fix for this or do we need to downgrade to 0.5.x version?
I encountered a similar problem with version 0.6 of Passport. To resolve it, I downgraded to version 0.5.0
I ended up resolving this issue for our upgrade to passport 0.6.0 by stubbing the regenerate and save methods. I patched the dependency in our repository in the lib/sessionmanager.js file as such:
options = options || {};
+ this._delegate = options.delegate || {
+ regenerate: function(req, cb) {
+ cb();
+ },
+ save: function(req, cb) {
+ cb();
+ }
+ };
And then propagating those changes to the various calls to save and regenerate in the file.
@imartinezmorales-loom do we simply have to add these lines or have to change/remove something as well
@recursiveway - I actually ended up writing a middleware function that I pull into our express server. The middleware function is just a stub similar to the one above:
export const passportMiddleware = (request, response, next) => {
if (request.session && !request.session.regenerate) {
request.session.regenerate = cb => {
cb();
};
}
if (request.session && !request.session.save) {
request.session.save = cb => {
cb();
};
}
next();
};
instead of using cookie-session I've used express-session as a session middleware with the latest passport package and this solves the problem.
instead of using
cookie-sessionI've usedexpress-sessionas a session middleware with the latest passport package and this solves the problem.
Yes but it should also work with cookie-session, it did until 0.5.0. It's not so easy for everyone to switch the session manager, especially on large projects. Hopefully this gets fixed sometime soon
So should I change session manager from cookie-session to express-session, or stay on passport 0.5?
@drebel, it shows me, Error: req#logout requires a callback function
Any news for this one? I'm getting same error under passport 0.7.0 and cookie-session 2.1.0
@yevon
Any news for this one? I'm getting same error under passport 0.7.0 and cookie-session 2.1.0
Hey, the cookie-session isn't officialy supported by passport. So I don't think they will ever make support for it. I used to use cookie-session, but I switched to express-session and it works very well. I suggest you to switch too.
Have a nice day, Daniel Kroufek
@yevon
Any news for this one? I'm getting same error under passport 0.7.0 and cookie-session 2.1.0
Hey, the cookie-session isn't officialy supported by passport. So I don't think they will ever make support for it. I used to use cookie-session, but I switched to express-session and it works very well. I suggest you to switch too.
Have a nice day, Daniel Kroufek
Thanks for that! I will try to replace it