Fix auth session persistence: add credentials:include to fetch and session

Fork: 0

root / smart-home-server

Browse code Fix auth session persistence: add credentials:include to fetch and session_start to auth flow - http.js: add credentials: 'include' to fetch() so cookies are sent with every API request (fixes /auth/me returning 401 after callback) - AuthControllerTrait::resolve_user(): ensure session_start() before reading - AuthController::callback(): ensure session_start() before writing - AuthService::handleCallback(): defer DB token persistence until local user ID is resolved; store temp token data in session - UserResolver: fix lastInsertId() method name, remove avatarUrl() call (use profile array instead) This fixes the loop where user was redirected back to /login after successful OAuth callback because PHP session cookie was not sent with the /auth/me request. master
1 parent eca5ba2 commit 402e195e8fa46e4f65b247930e2c410fbe87a7b2 Eugene Sukhodolskiy authored 10 hours ago

Browse code

Fix auth session persistence: add credentials:include to fetch and session_start to auth flow

- http.js: add credentials: 'include' to fetch() so cookies are sent
  with every API request (fixes /auth/me returning 401 after callback)
- AuthControllerTrait::resolve_user(): ensure session_start() before
  reading
- AuthController::callback(): ensure session_start() before writing

- AuthService::handleCallback(): defer DB token persistence until
  local user ID is resolved; store temp token data in session
- UserResolver: fix lastInsertId() method name, remove avatarUrl()
  call (use profile array instead)

This fixes the loop where user was redirected back to /login after
successful OAuth callback because PHP session cookie was not sent
with the /auth/me request.

master

1 parent eca5ba2 commit 402e195e8fa46e4f65b247930e2c410fbe87a7b2

Eugene Sukhodolskiy authored 10 hours ago

Patch

Unified Split

Showing 6 changed files

Ignore Space Show notes View server/SHServ/Controllers/AuthController.php

Ignore Space Show notes View server/SHServ/Integrations/GAuth/AuthControllerTrait.php

Ignore Space Show notes View server/SHServ/Integrations/GAuth/AuthService.php

Ignore Space Show notes View server/SHServ/Integrations/GAuth/Store/DbTokenStore.php

Ignore Space Show notes View server/SHServ/Integrations/GAuth/UserResolver.php

Ignore Space Show notes View webclient/src/api/http.js

Show line notes below