[nodebb-plugin-session-sharing] how to install?



  • Hi there, i have installed this plugin to bring my current userbase into a nodebb-forum.

    anyways, in the admin-area its shown as activated. but everytime when i start nodebb following error occurs:

    [session-sharing] JWT Secret not found, session sharing disabled.
    

    i looked up where it fires this error. its in library.js at line 364. seems like it tries to look inside /NodeBB/src/meta/settings.js for a "session-sharing" object?

    my node-server and nodebb are running locally. i have already figured out how to deliver a cookie between those different instances.

    did i messed something up in the setup, or do i have to additionally paste some things to specific places?


  • Global Moderator

    @Pav check the acp for a session sharing settings page under the plugins section.



  • yep, i think there is the problem. because the plugin didn't moved the needed templates into the template-directory. the plugin itself contains all the needed templates and functions, but at the wrong place, so nodebb don't access them?

    here is how my admin-control-panel looks like and the consol-output when i click on "Session Sharing":
    0_1485320364083_acp-session-sharing.png

    when i move the template myself into the needed directory, it will show up but stay without functionality 😞 😰


  • Global Moderator

    @Pav run ./nodebb stop && ./nodebb build && ./nodebb start and try again



  • yeaj it did the job! now i'm feeling stupid lol. thank you so much! @PitaJ

    plugin work fine so far. great that you guys build something like this!



  • @pav Hi, I found this thread through a google search... I see you had success with the plugin, I could use some help understanding how to provide the cookie in the login response. Could you describe what you did in the server side code? It would be hugely appreciated.


  • Admin

    The cookie is saved not in the NodeBB code itself, but on your service, which is why the plugin can't really do anything but advise you on what to set in the cookie itself.

    Depending on what language you use on your app, the actual steps on creating a cookie differ...



  • @julian It's a NodeJS app. Here is my code. It currently makes the site go down. (I don't know what I'm doing when it comes to the passport module.)

    var express = require('express');
    var router = express.Router();
    var passport = require('passport');
    var jwt = require('jsonwebtoken');
    ...
    
    router.post(
        '/login',
        usermw.getUserByBodyUsername,
        function( req, res, next ) {
            // The shared login plugin for nodebb expects this JWT-encoded cookie.  Here we create it and pass it to the browser...
            var secretKey = "0281759e-3f80-11e8-b467-0ed5f89f718b";
            var payload = {
                id: req.user._id,
                firstName: req.user.first_name,
                lastName: req.user.last_name
                // iss: "https://www.rebuiltparishassociation.com/",
            };
            var jwtvalue = jwt.sign( payload, secretKey );
            res.cookie( 'login', jwtvalue, { /* maxAge: 900000, */  httpOnly: true });
        },
        passport.authenticate(
            'local',
            {
                successRedirect:'/about',
                failureRedirect:'/login',
                failureFlash: true,
                failureMessage: "Invalid username or password"
            }
        )
    );
    

  • Admin

    Can't really debug as I don't know your app, but if there's a stack trace, it'll show the problem, likely.

    Also you probably want to set the cookie after passport does its local authentication, otherwise a malicious user can attempt to log into an account using a wrong password, but still get a valid jwt, and then log into the nodebb forum under that account.


 

| |