From edc0a58a540595df9c8550c1cfca5387067885c7 Mon Sep 17 00:00:00 2001 From: rain Date: Sat, 11 Jul 2026 09:41:32 +0800 Subject: [PATCH] fix: accept access token response --- ...c-api-page-integration-tracker-2026-07-09.md | 2 +- .../2026-07-11-auth-to-profile-flow-design.md | 2 +- tests/api-client.test.js | 17 +++++++++++++++++ utils/ApiClient.js | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/pc-api-page-integration-tracker-2026-07-09.md b/docs/pc-api-page-integration-tracker-2026-07-09.md index b9efbbf..de8f9be 100644 --- a/docs/pc-api-page-integration-tracker-2026-07-09.md +++ b/docs/pc-api-page-integration-tracker-2026-07-09.md @@ -306,6 +306,6 @@ - 页面范围:`register.html`、`login.html`、`profile.html`、`profile-data.html` - 接口范围:`/genealogy/pc/auth/register`、`/genealogy/pc/auth/login`、`/genealogy/pc/auth/login/sms`、`/genealogy/pc/auth/profile`、`/genealogy/pc/auth/logout` - 地址契约:运行时唯一来源为 `config.js`;当前开发和生产地址均为 `http://182.61.18.23:8080`。 -- 流程结果:注册成功清除 token 并跳转 `login.html`;密码和短信登录必须取得 token 后跳转 `profile.html`;个人资料无 token 或收到 HTTP/业务 `401` 时清 token 并跳转 `index.html`;确认退出无论接口结果都清 token 并跳转 `index.html`。 +- 流程结果:注册成功清除 token 并跳转 `login.html`;当前登录响应从 `data.access_token` 取 JWT,且兼容 `token`、`accessToken`、`tokenValue` 后跳转 `profile.html`;个人资料无 token 或收到 HTTP/业务 `401` 时清 token 并跳转 `index.html`;确认退出无论接口结果都清 token 并跳转 `index.html`。 - 修改文件:`tests/config.test.js`、`tests/utils.test.js`、`utils/ApiClient.js`、`tests/api-client.test.js`、`public/js/profile-pages.js`、`public/js/profile-common.js`、`profile.html`、`tests/profile-pages.test.js`、`tests/profile-logout-structure.test.js`。 - 验证结果:`node tests/config.test.js`、`node tests/utils.test.js`、`node tests/api-client.test.js`、`node tests/auth-pages.test.js`、`node tests/profile-pages.test.js`、`node tests/profile-logout-structure.test.js`、`node --check utils/ApiClient.js`、`node --check public/js/profile-pages.js`、`node --check public/js/profile-common.js` 和全量 Node 测试均通过。 diff --git a/docs/superpowers/specs/2026-07-11-auth-to-profile-flow-design.md b/docs/superpowers/specs/2026-07-11-auth-to-profile-flow-design.md index cf80970..1e74f97 100644 --- a/docs/superpowers/specs/2026-07-11-auth-to-profile-flow-design.md +++ b/docs/superpowers/specs/2026-07-11-auth-to-profile-flow-design.md @@ -16,7 +16,7 @@ Complete the PC journey from registration through login and personal-profile ret `utils/ApiClient.js` owns token persistence under `genealogy_auth_token`. -1. Successful password login and SMS login must receive a nonempty response token, persist it, and then allow navigation to `profile.html`. +1. Successful password login and SMS login must receive a nonempty response token, persist it, and then allow navigation to `profile.html`. The current backend response uses `data.access_token`; the client also accepts `token`, `accessToken`, and `tokenValue` for declared compatibility. 2. A login response without a token is an authentication failure. The login page remains in place and no profile navigation occurs. 3. Successful registration removes any existing token and navigates to `login.html`. Registration never persists a response token. 4. A failed registration leaves existing token storage unchanged. diff --git a/tests/api-client.test.js b/tests/api-client.test.js index 03e9362..d55ce42 100644 --- a/tests/api-client.test.js +++ b/tests/api-client.test.js @@ -178,6 +178,23 @@ async function run() { ); assert.strictEqual(missingTokenStore.getItem('token-key'), null); + const snakeTokenStore = createStore(); + const snakeTokenClient = GenealogyApi.createClient({ + baseUrl: 'http://182.61.18.23:8080', + clientId: 'client-x', + tenantId: 'tenant-x', + tokenKey: 'token-key', + tokenStore: snakeTokenStore, + axiosInstance: { + request: async () => ({ + status: 200, + data: { code: 200, data: { access_token: 'snake-token' } } + }) + } + }); + await snakeTokenClient.login({ phone: '13800000000', password: 'md5' }); + assert.strictEqual(snakeTokenStore.getItem('token-key'), 'snake-token'); + store.setItem('token-key', 'logout-token'); await client.logout(); assert.strictEqual(calls[9].url, '/genealogy/pc/auth/logout'); diff --git a/utils/ApiClient.js b/utils/ApiClient.js index 4a772b4..8972f81 100644 --- a/utils/ApiClient.js +++ b/utils/ApiClient.js @@ -52,7 +52,7 @@ function getTokenFromResponse(data) { // 登录响应兼容后端已声明的多种 token 字段。 if (!data) return ''; - return data.token || data.accessToken || data.tokenValue || ''; + return data.token || data.accessToken || data.access_token || data.tokenValue || ''; } function requireLoginToken(data) {