Login fails with req.session.regenerate is not a function

[slysiou]

• [X ] I am not disclosing a vulnerability.
• [ X] I am not just asking a question.
• [ X] I have searched through existing issues.
• [ X] I can reproduce the issue with the latest versions of Parse Server and Parse Dashboard.

Issue Description

Impossible to login on the dashboard after upgrade on 4.1.3.
It was working 4.1.2. No issue after downgrading on 4.1.2

Steps to reproduce

In nodejs server code:
const dashboard = new ParseDashboard(dashboardConfig,{allowInsecureHTTP: true});
app.use('/dash', dashboard);

Fill the login form and submit.

Actual Outcome

TypeError: req.session.regenerate is not a function
at SessionManager.logIn (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/sessionmanager.js:28:15)
at IncomingMessage.req.login.req.logIn (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/http/request.js:39:26)
at Strategy.strategy.success (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/middleware/authenticate.js:256:13)
at verified (/home/demo/work/dkb/dkb-backend/node_modules/passport-local/lib/strategy.js:83:10)
at Strategy._verify (/home/demo/work/dkb/dkb-backend/node_modules/parse-dashboard/Parse-Dashboard/Authentication.js:41:7)
at Strategy.authenticate (/home/demo/work/dkb/dkb-backend/node_modules/passport-local/lib/strategy.js:88:12)
at attempt (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/middleware/authenticate.js:369:16)
at authenticate (/home/demo/work/dkb/dkb-backend/node_modules/passport/lib/middleware/authenticate.js:370:7)
at Layer.handle [as handle_request] (/home/demo/work/dkb/dkb-backend/node_modules/express/lib/router/layer.js:95:5)
at next (/home/demo/work/dkb/dkb-backend/node_modules/express/lib/router/route.js:144:13)

Dashboard

• Parse Dashboard version: 4.1.3
• Browser (Safari, Chrome, Firefox, Edge, etc.): Chrome, Firefox

Server

• Parse Server version: 5.2.4
• Operating system: Linux
• Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): local

Database

• System (MongoDB or Postgres): mongo
• Database version: last on dockerhub
• Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): local container

[parse-github-assistant]

Thanks for opening this issue!

• ❌ Please edit your post and use the provided template when creating a new issue. This helps everyone to understand your post better and asks for essential information to quicker review the issue.

[mtrezza]

Could you try out the last few alpha versions and see where the issue started to occur?

[mtrezza]

The issue is related to #2162; the original issue is described in jaredhanson/passport#907.

[mtrezza]

Closing via #2196

[2shrestha22]

@mtrezza this issue still persists in 4.2.0-alpha.8 working on 4.2.0-alpha.4.

[mtrezza]

I can confirm that the issue still exists in 4.2.0-alpha.8. The problem was re-introduced with #2259 by upgrading passport. Unfortunately it's pretty hard to track not to update that one dependency. And the issue hasn't been fixed in passport yet.

I'll downgrade passport again with #2260.

We'll keep the issue open until we can safely upgrade the dependency or have replaced the dependency with an alternative.

[mtrezza]

The issue is open for a while because of the passport package. Not sure whether is has a bug or became incompatible because it behaves differently, that's discussed in their issue.

We need to determine whether to:

• a) wait for their issue to be fixed (worst option)
• b) adapt something in our code so we can upgrade to the latest passport version (preferred option)
• c) replace passport with another library (preferred option if it's less work than b)

[dblythy]

I think the issue is with the way cookie-session works with the passport package. I don’t think we can make any changes on our end to make it work - the issues are coming from passport / cookie session

[mtrezza]

So let's go with option (a) for now; if they don't fix that soon we'll have to look into option (c).