search

jfromaniello / passport.socketio

access passport.js authenticated user information from socket.io connection
655 stars 81 forks source link

"Passport was not initialized" when using Passport 0.3.0 and Socket.io 1.3.6 #110

Open patrickpilch opened 9 years ago

patrickpilch commented 9 years ago

I am unable to get this library to work properly. My authorization failure callback is always called from the library's index.js file at line 75

if(!session[auth.passport._key])
        return auth.fail(data, 'Passport was not initialized', true, accept);

Here is the code related to my setup

var session = require('express-session');
var sessionStore = new RedisStore( { client:redis } );
var RedisStore = require('connect-redis')(session);
// ...
app.use( session({
        store: sessionStore,
        secret: 'such secret wow',
        resave: false,
        saveUninitialized: true //TODO change to false
    })
);
// ...
app.use(passport.initialize());
app.use(passport.session());
var server = http.createServer(app);
var sockets = require('socket.io')(server);
sockets.use(PassportSocketIo.authorize({
    key: 'connect.sid',
    secret: 'such secret wow',
    store: sessionStore,
    success: onAuthorizeSuccess,
    fail: onAuthorizeFail
}));
willshiao commented 9 years ago

I get the same error. I'm using:

@patrickpilch Were you able to find a fix?

jfromaniello commented 9 years ago

Are you using the session middleware from express?

willshiao commented 9 years ago

@jfromaniello I am using express-session, if that's what you are asking.

neilff commented 9 years ago

I had the same issue, I ended up downgrading to the packages listed in package.json.

I then got a new error saying it was unable to find the provided session ID. That turned out to be an unrelated issue which occurred because I was pointing to //localhost instead of //127.0.0.1. See http://stackoverflow.com/questions/25456656/passport-socketio-has-issues-finding-session for the second issue if you run into that.

patrickpilch commented 9 years ago

@willshiao I ended up not using this library in favor of this route: http://stackoverflow.com/a/25618636 My setup:

var session = require('express-session');
var sessionMiddleware = session({
    store: sessionStore,
    secret: 'such secret wow',
    resave: false,
    saveUninitialized: false
});

sockets.use(function(socket, next) {
    sessionMiddleware(socket.request, socket.request.res, next);
});
deelan commented 9 years ago

Any progress on this issue? It doesn't seem to happen consistently (that is, somehow not every time - but definitely frequently) and is preventing me from being able to use passport 0.3.x and passport.socketio 3.6.x. If there is no plan to address it, that would be useful to know.

Thanks!

camj256 commented 9 years ago

yeah, i really need to get this figured out. I have a few apps this is happening on. going to be looking into it much deeper this week and i'll post back if I can figure it out.

dpieri commented 9 years ago

I am also having this problem. I added some debugging code to the library and at the point that this error is thrown session is: { cookie: { originalMaxAge: 8640000, expires: '2015-11-30T03:12:47.918Z', httpOnly: true, path: '/' } }

So session[auth.passport._key] is undefined, thus throwing this error.

Passport version: 0.3.2 Socket.io version: 1.3.7

jfromaniello commented 8 years ago

That turned out to be an unrelated issue which occurred because I was pointing to //localhost instead of //127.0.0.1.

That's not an unrelated issue but most of the time the reason of this specific issue. This module uses the passport session and in order to do that you need to verify that the browser is sending the cookies on the handshake. One of the reasons where the browser will not send the cookie is because you are using different domains, like localhost to authenticate and 127.0.0.1 for socketio.

dpieri commented 8 years ago

My problems were also related to cross-domain cookies. I resolved this problem by using the CORS workaround from the Readme. I see in the code that you have an error message telling people to do just that, but for whatever reason I never hit that.

jackycute commented 8 years ago

I encounter the same issue as @dpieri did. And also tried his advise using the CORS workaround. The error not occur anymore but users are not authorized too.

So I look down to the detail, I found that if you using CORS request here. The session is undefined and will return auth.fail at same time.

I tried several times and found that the object named passport might not always in the session object. And that cause Passport was not initialized error, you can consider user is not authorized in this case.

This might cause by some changes in the newer version of passport, I will go check it.

nikhilsarvaiye commented 7 years ago

this is old question, but the problem is your are missing passport.serializeUser and passport.deserializeUser

passport uses deserializeUser to update user in session object.

charlieg-nuco commented 6 years ago

I'm getting this error as ewll. I tried using 127.0.0.1 in my browser as well. The app seems to run on a server but not locally.

wimgz commented 6 years ago

sockets.use(function(socket, next) { sessionMiddleware(socket.request, socket.request.res, next); });

I used this too and replaced won't use this library