diff --git a/controllers/auth_on_code_platform.go b/controllers/auth_on_code_platform.go
index 48ffc89..f96c43c 100644
--- a/controllers/auth_on_code_platform.go
+++ b/controllers/auth_on_code_platform.go
@@ -92,14 +92,15 @@ func (this *AuthController) Callback() {
 rs(errSystemError, err)
 return
 }
- this.setCookies(map[string]string{apiAccessToken: at}, true)
+
+ cookies := map[string]string{"action": purpose, "platform": platform}
 if permission == PermissionIndividualSigner {
- this.setCookies(map[string]string{
- "sign_user": pl.User,
- "sign_email": pl.Email,
- }, false)
+ cookies["sign_user"] = pl.User
+ cookies["sign_email"] = pl.Email
 }
+ this.setCookies(cookies, false)
+
 this.redirect(authHelper.WebRedirectDir(true))
 }
@@ -160,7 +161,7 @@ func (this *AuthController) Auth() {
 return
 }
- this.sendSuccessResp(map[string]string{"access_token": at})
+ this.sendSuccessResp(map[string]string{apiAccessToken: at})
 }
 func (this *AuthController) genACPayload(platform, permission, platformToken string) (*acForCodePlatformPayload, string, error) {
diff --git a/controllers/base-controller.go b/controllers/base-controller.go
index 18bc2b2..0fbb678 100644
--- a/controllers/base-controller.go
+++ b/controllers/base-controller.go
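Review bot: In Callback (controllers/auth_on_code_platform.go), `purpose` and `platform` are written into the `action` and `platform` cookies, and where they come from is outside the hunk; if they are taken from the callback request they should be checked against the supported values before `this.setCookies(cookies, false)`. The hunk also drops the only visible write of the `apiAccessToken` cookie while the cookie fallback in checkApiReqToken (controllers/base-controller.go) still reads it, so it is worth confirming that the token reaches the browser some other way and that an old cookie is expired rather than left behind. What the second argument of setCookies controls is not shown; if it is the HttpOnly flag, `sign_email` stays readable by page scripts. The function body starts before this hunk.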
@@ -219,9 +219,13 @@ func (this *baseController) newAccessController(permission string) *accessContro
 }
 func (this *baseController) checkApiReqToken(ac *accessController, permission []string) *failedApiResult {
- token := this.Ctx.Input.Cookie(apiAccessToken)
+ // Fetch token from Header firstly to avoid fetching wrong token when changing to login as corp manager
+ // from community manager. Because the token exists in the cookie always.
+ token := this.apiReqHeader(apiHeaderToken)
 if token == "" {
- return newFailedApiResult(401, errMissingToken, fmt.Errorf("no token passed"))
+ if token = this.Ctx.Input.Cookie(apiAccessToken); token == "" {
+ return newFailedApiResult(401, errMissingToken, fmt.Errorf("no token passed"))
+ }
 }
 if err := ac.parseToken(token, config.AppConfig.APITokenKey); err != nil {
diff --git a/controllers/util.go b/controllers/util.go
index 4bbf8e4..b2456f5 100644
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -17,6 +17,7 @@ import (
 )
 const (
+ apiHeaderToken = "Token"
 apiAccessToken = "access_token"
 apiAccessController = "access_controller"
 contentTypeOfPDF = "application/pdf"
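Review bot: In checkApiReqToken (controllers/base-controller.go), the cookie fallback leaves the stale-token case in place: a request that omits the `Token` header is still authenticated with whatever `access_token` cookie the browser holds, which the new comment says can belong to the previous role. Cookie-only authentication is also the path that needs CSRF protection, since a browser attaches the cookie automatically but not a custom header, so either drop the fallback once all clients send the header, or make sure the cookie is overwritten or expired on role change and that state-changing routes have a CSRF check. The comment could read `// Prefer the Token header; the access_token cookie may still hold a token issued for a previous role.` The function continues past the end of the hunk.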
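Review bot: `apiHeaderToken = "Token"` in controllers/util.go names a custom credential header, and the constant has no comment saying so. Logging and proxy layers that redact `Authorization` and `Cookie` by default generally do not know about a header called `Token`, so it should be added to whatever redaction list the deployment uses. A comment such as `// apiHeaderToken is the request header that carries the API access token; treat its value as a secret in logs.` would record that.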