Comments (16)
Which branch are you using, I thought this was fixed some time ago, but I'll make sure it gets into whatever branch you're using.
Thanks
Andy
On Dec 15, 2014, at 4:44 AM, Alex [email protected] wrote:
Hello, hope that this will really help. I have Calipso working on my 80 port, so some guys constantly are bombing 80 port with proxy-search requests
GET http://www.baidu.com/ HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept: /
Referer: http://www.baidu.com/
Host: www.baidu.com
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
The problem is that when these requests happen, the following error crashes Calipso:
Cannot read property 'user' of undefined
TypeError: Cannot read property 'user' of undefined
at PermissionFilter.check (C:\calipso\production\lib\core\Permission.js:183:27)
at CalipsoMenu.addMenuItem (C:\calipso\production\lib\core\Menu.js:83:27)
at Object.route (C:\calipso\production\modules\community\geothemes\geothemes.js:96:19)
at routeModule (C:\calipso\production\lib\core\Module.js:133:15)
at iterator (C:\calipso\production\lib\core\Module.js:54:5)
at _asyncMap (C:\calipso\production\node_modules\async\lib\async.js:185:13)
at async.forEach (C:\calipso\production\node_modules\async\lib\async.js:86:13)
at Array.forEach (native)
at _forEach (C:\calipso\production\node_modules\async\lib\async.js:26:24)
at async.forEach (C:\calipso\production\node_modules\async\lib\async.js:85:9)
C:\calipso\production\node_modules\step\lib\step.js:39
throw arguments[0];
^
TypeError: Cannot read property 'user' of undefined
at PermissionFilter.check (C:\calipso\production\lib\core\Permission.js:183:27)
at CalipsoMenu.addMenuItem (C:\calipso\production\lib\core\Menu.js:83:27)
at C:\calipso\production\lib\core\Module.js:145:24
at Function.allMatched (C:\calipso\production\lib\core\Router.js:254:11)
at next (C:\calipso\production\node_modules\step\lib\step.js:51:23)
at next.parallel (C:\calipso\production\node_modules\step\lib\step.js:83:14)
at check (C:\calipso\production\node_modules\step\lib\step.js:99:9)
at process.startup.processNextTick.process._tickCallback (node.js:244:9)
I've made a bit of research, and it appears that in the case of these requests object req.session is not initialized, so the application crashes when it tries to use it. So, I had to make a terrible, but working fix - in calipso.js, in routingFn() I've put this code:
/* Fix for not-initialized session in Express - weird requests cause broken session, so everything that relies upon it - breaks as well. */
if (!req.session) {
  console.log("Fake session insert");
  req.session = {
    cookie: { path: '/', _expires: '', originalMaxAge: '', httpOnly: true },
    user: { isAdmin: false },
    fake: true
  };
}
I understand that this is an issue of Express or Everyauth library, but maybe there is a known solution for Calipso.
And thanks for a Calipso CMS!
—
Reply to this email directly or view it on GitHub #267.
from calipso.
I am using master branch (yesterday I've checked out fresh 0.3.50 version, and it still was failing at these requests)
from calipso.
I pushed and published a fix to this. I am currently working on the module_refactor which now also contains this fix.
The module refactor branch uses calipso as a normal npm module instead of the current “copy into place kind of thing”
Thanks
Andy
from calipso.
BTW: Which authentication are you using? I was unable to readily reproduce the problem, but I could see that the code didn’t double check that req.session was set.
Andy
from calipso.
Thanks for an explanation!
So, basically I should migrate to module_refactor branch in order to avoid this error?
I was using basic authentication with login/password stored in the MongoDB without bcrypt (because of Windows operating-system).
from calipso.
I fixed the error in both branches and published a new npm. Eventually I will migrate the npm to the new branch
Andy
Sent from my iPhone
from calipso.
This has been fixed.
from calipso.
Well, I guess it is a Windows thing, but I manage to recreate this bug on master and module_refactor freshly-installed branch.
from calipso.
You're still seeing the session problem?
Andy
from calipso.
Yes, the same problem - the log from the very installation is shown below. The error is thrown because no session is initialized (unable to read _req.session.user_ property)
22 Dec 22:40:39 - info: Installing module content
22 Dec 22:40:39 - info: Installing module contentTypes
22 Dec 22:40:39 - info: Installing module permissions
22 Dec 22:40:39 - info: Installing module user
22 Dec 22:40:39 - info: Content types module installed ...
22 Dec 22:40:39 - info: Content module installed ...
22 Dec 22:40:39 - info: User module installed ...
22 Dec 22:40:39 - info: User Roles sub-module installed ...
22 Dec 22:41:12 - error: Cannot read property 'user' of undefined Calipso Module: user
22 Dec 22:41:12 - info: No Calipso module routes matched the current URL /http://www.baidu.com/
C:\calipso\testrefactor\node_modules\step\lib\step.js:39
throw arguments[0];
^
TypeError: Cannot read property 'user' of undefined
at processTheme (C:\calipso\testrefactor\lib\core\Themes.js:407:30)
at Object.module.exports.Theme.theme.render (C:\calipso\testrefactor\lib\core\Themes.js:132:11)
at doResponse (C:\calipso\testrefactor\lib\core\Module.js:304:19)
at C:\calipso\testrefactor\lib\core\Module.js:186:7
at Function.done (C:\calipso\testrefactor\lib\core\Module.js:273:7)
at next (C:\calipso\testrefactor\node_modules\step\lib\step.js:51:23)
at next.parallel (C:\calipso\testrefactor\node_modules\step\lib\step.js:83:14)
at check (C:\calipso\testrefactor\node_modules\step\lib\step.js:99:9)
at next.group (C:\calipso\testrefactor\node_modules\step\lib\step.js:116:22)
at Function.allMatched (C:\calipso\testrefactor\lib\core\Router.js:269:11)
C:\calipso\testrefactor>
from calipso.
This must be in a second place then. I saw you added an initialization to the session, but that can cause problems with the authentication system.
I wonder how to debug this. Ok. I’ll check out whether I forgot another place to check that both session and session.user is defined.
Andy
from calipso.
Thanks a lot! I'll try to examine it as well.
from calipso.
I am unable to get into a scenario where the session is undefined. Which URL are you executing when this happens?
Thanks
Andy
from calipso.
You need to telnet calipso in order to simulate it, the example request was listed in the very ticket. Basically it simulates proxy-search request (pretty bad guys who are doing it).
from calipso.
This seems to actually be a bug in express.session. If the URL doesn't start with / then session will not get defined at all. I added a wrapper to express.session to default the session to {} in that case.
I just pushed this to both branches.
from calipso.
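The wrapper approach described in the comment above, sketched as an added example (not Calipso's or Express's own code). `stubSession` is a constructed stand-in that reproduces the behaviour reported in this thread, and `guardSession`, `isAdmin` and `handle` are hypothetical names.

```javascript
// Constructed stand-in for the session middleware, mimicking what the thread
// reports: a URL that does not start with "/" gets no req.session at all.
function stubSession(req, res, next) {
  if (req.url.indexOf('/') !== 0) return next(); // session never attached
  req.session = { cookie: { path: '/', httpOnly: true } };
  next();
}

// Wrap a session middleware so downstream code can always read req.session.
// The fallback is an empty object: no fabricated user, so it cannot be
// mistaken for an authenticated session by the authentication layer.
function guardSession(sessionMiddleware) {
  return function (req, res, next) {
    sessionMiddleware(req, res, function (err) {
      if (err) return next(err);
      if (!req.session) req.session = {};
      next();
    });
  };
}

// Defensive read for permission checks: a missing session or user is
// treated as anonymous and never as an administrator.
function isAdmin(req) {
  return Boolean(req && req.session && req.session.user &&
                 req.session.user.isAdmin === true);
}

// Drive one request through a session middleware, then do what the crashing
// code paths did: dereference req.session.user without checking.
function handle(url, sessionMiddleware) {
  const req = { url: url };
  let outcome = 'no response';
  try {
    sessionMiddleware(req, {}, function () {
      outcome = req.session.user ? 'user' : 'anonymous';
    });
  } catch (e) {
    outcome = 'crash: ' + e.name; // in production this took the process down
  }
  return outcome;
}

// Constructed sample: the absolute-form request target from the report.
console.log(handle('http://www.baidu.com/', stubSession));
console.log(handle('http://www.baidu.com/', guardSession(stubSession)));
```
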
Great that finally figured that out.
from calipso.