openstf / stf

Control and manage Android devices from your browser.
https://openstf.io

OAuth 2.0 authentication requires session support when using state #931

Open koral-- opened 6 years ago

koral-- commented 6 years ago

What is the issue or idea you have? OAuth authorization attempt causes the following exception:

Error: OAuth 2.0 authentication requires session support when using state. Did you forget to use express-session middleware?
    at SessionStore.store (/app/node_modules/passport-oauth2/lib/state/session.js:39:39)
    at Strategy.OAuth2Strategy.authenticate (/app/node_modules/passport-oauth2/lib/strategy.js:253:28)
    at attempt (/app/node_modules/passport/lib/middleware/authenticate.js:348:16)
    at authenticate (/app/node_modules/passport/lib/middleware/authenticate.js:349:7)
    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/app/node_modules/express/lib/router/index.js:317:13)
    at /app/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
    at next (/app/node_modules/express/lib/router/index.js:275:10)
    at initialize (/app/node_modules/passport/lib/middleware/initialize.js:53:5)
    at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/app/node_modules/express/lib/router/index.js:317:13)
    at /app/node_modules/express/lib/router/index.js:284:7
    at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)
    at next (/app/node_modules/express/lib/router/index.js:275:10)
    at expressInit (/app/node_modules/express/lib/middleware/init.js:40:5)

Please provide the steps to reproduce the issue. Open <stf host>/auth/oauth page.

What is the expected behavior? There is no exception.

It seems that the issue is related to this commit: https://github.com/openstf/stf/commit/97633327bba361a2cf7448aae8958f1e885308e8#diff-f2e241ad409d0b7d4568ad3ae8f54adeR60

Indeed, starting stf-auth with --oauth-state false works around this issue. Another approach is to add session support, as the exception message says. Here is an example: https://github.com/DroidsOnRoids/stf/commit/10fb3f712001b2505886ef72f8014921c86c2c47

I'm not sure what the best solution is. Setting oauth-state to false by default? Adding session support like above, or maybe something else? So I'm opening this issue and waiting for suggestions before optionally creating a PR.

sorccu commented 6 years ago

Damn. I've turned it off by default for now. I'm not sure if we want to bring in session cookies. We need to rethink this a bit.
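
The `state` check needs a value tied to the browser that started the login, which is why passport-oauth2 asks for a session here. As an added illustration (not code from openstf or from anyone in this thread), the sketch below keeps that value in one signed, short-lived cookie instead of a server-side session store; `issueState`, `verifyState`, `MAX_AGE_MS` and the cookie layout are hypothetical names chosen for this example.

```javascript
// Added example: stateless OAuth 2.0 `state` check. All names are hypothetical.
const nodeCrypto = require('node:crypto');

const MAX_AGE_MS = 10 * 60 * 1000; // assumed lifetime of one login attempt

function sign(secret, payload) {
  return nodeCrypto.createHmac('sha256', secret).update(payload).digest('hex');
}

// Before redirecting to the provider: `state` goes into the authorization
// URL, `cookie` goes into a short-lived HttpOnly cookie on the same browser.
function issueState(secret, now = Date.now()) {
  const state = nodeCrypto.randomBytes(16).toString('hex');
  const payload = `${state}.${now}`;
  return { state, cookie: `${payload}.${sign(secret, payload)}` };
}

// On the callback: the `state` query parameter must equal the value in the
// cookie this browser holds, and that cookie must be authentic and fresh.
function verifyState(secret, returnedState, cookie, now = Date.now()) {
  if (typeof returnedState !== 'string' || typeof cookie !== 'string') return false;
  const parts = cookie.split('.');
  if (parts.length !== 3) return false;
  const [state, issuedAt, mac] = parts;

  // Reject cookies that were not produced with our secret.
  const expected = Buffer.from(sign(secret, `${state}.${issuedAt}`));
  const given = Buffer.from(mac);
  if (given.length !== expected.length) return false;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return false;

  // Reject stale (or future-dated) login attempts.
  const age = now - Number(issuedAt);
  if (!(age >= 0 && age <= MAX_AGE_MS)) return false;

  // A callback started in another browser carries a state this cookie
  // does not match, so it is rejected here.
  const a = Buffer.from(returnedState);
  const b = Buffer.from(state);
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}
```

A callback that arrives without the cookie, with a `state` from a different login attempt, or after the lifetime has passed returns `false`.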

xiaomengheiheihei commented 5 years ago

So how to use state in OAuth 2.0?

amrsa1 commented 4 years ago

Same issue, any update?

amrsa1 commented 4 years ago

Same issue happened to me. I solved it by simply setting the env variables for the oauth2 options (ignore state option) in the bashrc file and running the command "stf local ...auth-type auth2". I have no idea why, but the error didn't occur again.

koral-- commented 4 years ago

This issue was (temporarily) solved a long time ago: https://github.com/openstf/stf/commit/762b07bc45dda437f2f3889af12910f0d1c7f1a4 So it seems you are either not using the latest version or your cause is different.

amrsa1 commented 4 years ago

@koral-- I'm working on the latest version. The issue came up when I threw the oauth2 options via the terminal, but it worked fine when I added these options in env variables.