Files
drivetimeplaner/www/fahrschuldesk.de/dist/assets/ForgotPassword-BnefAgO5.js
Hermes Agent 5d87e4975c Add HttpOnly cookie auth for cross-domain SPA login
Problem: Frontend JS bundle used credentials:'same-origin' which
dropped cookies on cross-domain requests. Login worked (200) but
the subsequent /auth/me check returned 401, leaving the user stuck
on the login screen.

Fix:
- AuthController now sets a dtp_jwt HttpOnly cookie on login/refresh
- Cookie uses Domain=.fahrschultermin.de (shared between frontend
  and api subdomain), Secure, SameSite=Lax, Max-Age=8h
- JwtMiddleware reads JWT from Authorization header OR cookie
- Added AuthController::me() endpoint (was missing, caused 500)
- Logout endpoint clears the cookie
- Frontend index.php patches fetch() to use credentials:'include'
  for all /api/v1/* calls
2026-06-04 20:33:31 +02:00

2 lines
2.4 KiB
JavaScript
Executable File

import{f as i,b as t,g as v,B as x,A as f,y as b,n as g,t as o,e as h,h as d,i as y,z as w,k as l,m as k,j as u,a as _}from"./index-CeMVzSB6.js";const z={class:"min-h-screen flex items-center justify-center bg-gradient-to-br from-slate-100 to-slate-200 px-4"},S={class:"w-full max-w-md"},M={class:"bg-white rounded-2xl shadow-xl p-8"},V=["disabled"],B={class:"text-center text-sm text-slate-500 mt-6"},N={__name:"ForgotPassword",setup(C){const n=l(""),a=l(!1),s=l(""),r=l(!1);async function m(){a.value=!0,s.value="";try{await _.post("/auth/forgot-password",{email:n.value}),r.value=!0,s.value="Wenn die E-Mail existiert, erhalten Sie einen Link zum Zurücksetzen."}catch{r.value=!0,s.value="Wenn die E-Mail existiert, erhalten Sie einen Link zum Zurücksetzen."}finally{a.value=!1}}return(E,e)=>{const c=k("router-link");return u(),i("div",z,[t("div",S,[t("div",M,[e[4]||(e[4]=v('<div class="text-center mb-6"><div class="inline-flex items-center justify-center w-14 h-14 rounded-xl bg-primary mb-4"><svg class="w-8 h-8 text-white" fill="none" stroke="currentColor" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M15 7a2 2 0 012 2m4 0a6 6 0 01-7.743 5.743L11 17H9v2H7v2H4a1 1 0 01-1-1v-2.586a1 1 0 01.293-.707l5.964-5.964A6 6 0 1121 9z"></path></svg></div><h2 class="text-xl font-bold text-slate-800">Passwort vergessen?</h2><p class="text-slate-500 text-sm mt-1">Kein Problem. Geben Sie Ihre E-Mail ein.</p></div>',1)),t("form",{onSubmit:x(m,["prevent"]),class:"space-y-4"},[t("div",null,[e[1]||(e[1]=t("label",{class:"block text-sm font-medium text-slate-700 mb-1"},"E-Mail",-1)),f(t("input",{"onUpdate:modelValue":e[0]||(e[0]=p=>n.value=p),type:"email",required:"",placeholder:"ihre@email.de",class:"w-full px-4 py-2.5 rounded-lg border border-slate-300 focus:ring-2 focus:ring-primary focus:border-primary outline-none"},null,512),[[b,n.value]])]),s.value?(u(),i("div",{key:0,class:g(["p-3 rounded-lg text-sm",r.value?"bg-green-50 text-green-600":"bg-red-50 text-red-600"])},o(s.value),3)):h("",!0),t("button",{type:"submit",disabled:a.value,class:"w-full py-3 px-4 bg-primary text-white font-medium rounded-lg hover:bg-primary-600 disabled:opacity-50"},o(a.value?"Senden...":"Link senden"),9,V)],32),t("p",B,[e[3]||(e[3]=d(" Zurück zum ",-1)),y(c,{to:"/login",class:"text-primary hover:underline"},{default:w(()=>[...e[2]||(e[2]=[d("Login",-1)])]),_:1})])])])])}}};export{N as default};