Problem: Frontend JS bundle used credentials:'same-origin' which dropped cookies on cross-domain requests. Login worked (200) but the subsequent /auth/me check returned 401, leaving the user stuck on the login screen. Fix: - AuthController now sets a dtp_jwt HttpOnly cookie on login/refresh - Cookie uses Domain=.fahrschultermin.de (shared between frontend and api subdomain), Secure, SameSite=Lax, Max-Age=8h - JwtMiddleware reads JWT from Authorization header OR cookie - Added AuthController::me() endpoint (was missing, caused 500) - Logout endpoint clears the cookie - Frontend index.php patches fetch() to use credentials:'include' for all /api/v1/* calls
32 lines
1.0 KiB
PHP
Executable File
32 lines
1.0 KiB
PHP
Executable File
<?php
|
|
// test_json_input.php
|
|
const BASE_PATH = __DIR__;
|
|
spl_autoload_register(static function (string $class): void {
|
|
$prefix = 'App\\';
|
|
if (!str_starts_with($class, $prefix)) return;
|
|
$relativeClass = substr($class, strlen($prefix));
|
|
$path = BASE_PATH . '/app/' . str_replace('\\', '/', $relativeClass) . '.php';
|
|
if (is_file($path)) require_once $path;
|
|
});
|
|
|
|
$config = require BASE_PATH . '/config/app.php';
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
|
$_SERVER['REQUEST_URI'] = '/api/v1/auth/login';
|
|
$_SERVER['HTTP_HOST'] = 'api.fahrschultermin.de';
|
|
$_SERVER['HTTPS'] = 'on';
|
|
$_SERVER['CONTENT_TYPE'] = 'application/json';
|
|
|
|
// Simulate POST body
|
|
$stdin = fopen('php://memory', 'r+');
|
|
fwrite($stdin, json_encode(['email' => 'admin@nordring.test', 'password' => 'secret123']));
|
|
rewind($stdin);
|
|
|
|
$_SERVER['REQUEST_METHOD'] = 'POST';
|
|
|
|
$request = new \App\Support\Request();
|
|
$input = $request->input();
|
|
|
|
echo "Input: " . json_encode($input) . "\n";
|
|
echo "email: " . ($input['email'] ?? 'NULL') . "\n";
|
|
echo "password: " . ($input['password'] ?? 'NULL') . "\n"; |