parse-community
Login fails with `req.session.regenerate is not a function`
- [X ] I am not disclosing a vulnerability.
- [ X] I am not just asking a question.
- [ X] I have searched through existing issues.
- [ X] I can reproduce the issue with the latest versions of Parse Server and Parse Dashboard.
Issue Description
Impossible to login on the dashboard after upgrade on 4.1.3. It was working 4.1.2. No issue after downgrading on 4.1.2
Steps to reproduce
In nodejs server code: const dashboard = new ParseDashboard(dashboardConfig,{allowInsecureHTTP: true}); app.use('/dash', dashboard);
Fill the login form and submit.
Actual Outcome
TypeError: req.session.regenerate is not a function at SessionManager.logIn (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/sessionmanager.js:28:15) at IncomingMessage.req.login.req.logIn (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/http/request.js:39:26) at Strategy.strategy.success (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/middleware/authenticate.js:256:13) at verified (/home/demo/work/dkb/dkb-backend/node_modules/passport-local/lib/strategy.js:83:10) at Strategy._verify (/home/demo/work/dkb/dkb-backend/node_modules/parse-dashboard/Parse-Dashboard/Authentication.js:41:7) at Strategy.authenticate (/home/demo/work/dkb/dkb-backend/node_modules/passport-local/lib/strategy.js:88:12) at attempt (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/middleware/authenticate.js:369:16) at authenticate (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/middleware/authenticate.js:370:7) at Layer.handle [as handle_request] (/home/demo/work/dkb/dkb-backend/node_modules/express/lib/router/layer.js:95:5) at next (/home/demo/work/dkb/dkb-backend/node_modules/express/lib/router/route.js:144:13)
Dashboard
- Parse Dashboard version: 4.1.3
- Browser (Safari, Chrome, Firefox, Edge, etc.): Chrome, Firefox
Server
- Parse Server version: 5.2.4
- Operating system: Linux
- Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): local
Database
- System (MongoDB or Postgres): mongo
- Database version: last on dockerhub
- Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): local container
Thanks for opening this issue!
- ❌ Please edit your post and use the provided template when creating a new issue. This helps everyone to understand your post better and asks for essential information to quicker review the issue.
![parse-github-assistant[bot] avatar](https://avatars.githubusercontent.com/in/136195?v=4 "Published by a pub.dev verified publisher"){kind=small}
Could you try out the last few alpha versions and see where the issue started to occur?
The issue is related to https://github.com/parse-community/parse-dashboard/pull/2162; the original issue is described in https://github.com/jaredhanson/passport/issues/907.
@mtrezza this issue still persists in 4.2.0-alpha.8 working on 4.2.0-alpha.4.
I can confirm that the issue still exists in 4.2.0-alpha.8. The problem was re-introduced with https://github.com/parse-community/parse-dashboard/pull/2259 by upgrading passport. Unfortunately it's pretty hard to track not to update that one dependency. And the issue hasn't been fixed in passport yet.
I'll downgrade passport again with https://github.com/parse-community/parse-dashboard/pull/2260.
We'll keep the issue open until we can safely upgrade the dependency or have replaced the dependency with an alternative.
The issue is open for a while because of the passport package. Not sure whether is has a bug or became incompatible because it behaves differently, that's discussed in their issue.
We need to determine whether to:
- a) wait for their issue to be fixed (worst option)
- b) adapt something in our code so we can upgrade to the latest passport version (preferred option)
- c) replace passport with another library (preferred option if it's less work than b)
I think the issue is with the way cookie-session works with the passport package. I don’t think we can make any changes on our end to make it work - the issues are coming from passport / cookie session
So let's go with option (a) for now; if they don't fix that soon we'll have to look into option (c).