Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Replace passport server-side sessions with cookie session #349

Merged
merged 5 commits into from
Oct 2, 2018

Conversation

impactmass
Copy link
Contributor

Resolves #344
Impact: major
Type: feature+bugfix

Issue

Our staging deploy of Starterkit fails to complete the OAuth flow. You either get a Forbidden error message or are not able to login.

This is believed to be caused session management issues. The current Passport setup uses express-session which by default stores sessions in memory, which is a problem when the app is deployed on many instances.

Solution

Make Passport use cookies to store session state (this was our previous setup before the addition of the OAuth flow). So the solution here is to update the Passport configuration to use cookies.

Testing

  1. Test the OAuth flow, and confirm that you can log in and log out.
  • If possible, we can/should also deploy this branch and test with the multi-instance server setup.

@@ -13,10 +13,11 @@ KEYCLOAK_REDIRECT_URI=http://localhost:4000/auth
STRIPE_PUBLIC_API_KEY=ENTER_STRIPE_PUBLIC_KEY_HERE
OAUTH2_AUTH_URL=http://localhost:4444/oauth2/auth
OAUTH2_TOKEN_URL=http://hydra:4444/oauth2/token
HYDRA_ADMIN_URL=http://hydra:4445
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unrelated to this PR, but discovered this unused env var. It shouldn't be here anymore.

@@ -46,8 +46,8 @@
"chalk": "^2.3.2",
"classnames": "^2.2.5",
"cookie-parser": "^1.4.3",
"cookie-session": "^2.0.0-beta.3",
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-beta.3 is their latest version for about a year.

screen shot 2018-10-01 at 1 27 41 pm

I'm not sure if to stay on this version or use a previous. Or maybe consider another package? suggestions welcomed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also saw some errors in Snyk. I haven't looked well, but it looks like they are from nextjs and not the addition of this package.

@impactmass impactmass requested a review from aldeed October 1, 2018 13:45
@aldeed aldeed added this to the North Maroon milestone Oct 1, 2018
Copy link
Contributor

@aldeed aldeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested this pretty thoroughly and I believe it's working as intended.

On develop:

  1. Start storefront container
  2. Log in
  3. Restart storefront container
  4. Refresh page and I'm no longer logged in

On this branch:

  1. Start storefront container
  2. Log in
  3. Restart storefront container
  4. Refresh page and I am still logged in

@aldeed aldeed merged commit c847b4a into develop Oct 2, 2018
@aldeed aldeed deleted the fix-344-impactmass-cookie-passport branch October 2, 2018 01:20
This was referenced Jan 15, 2019
@spencern spencern mentioned this pull request Jan 25, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Not able to complete authentication on staging deploy
2 participants