revoked access to website for coaches, added web-specific tokens
This commit is contained in:
@ -55,7 +55,10 @@ export function loginPage() {
|
||||
try {
|
||||
const res = await fetch('../api/auth/login', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
'X-QDB-Client': 'web',
|
||||
},
|
||||
body: JSON.stringify({ username, password }),
|
||||
});
|
||||
const json = await res.json();
|
||||
@ -65,6 +68,11 @@ export function loginPage() {
|
||||
return;
|
||||
}
|
||||
const d = json.data;
|
||||
if (d.role === 'coach') {
|
||||
errEl.textContent = 'Coach accounts can only sign in through the mobile app.';
|
||||
errEl.style.display = '';
|
||||
return;
|
||||
}
|
||||
if (d.mustChangePassword) {
|
||||
pendingUsername = username;
|
||||
pendingTempToken = d.token;
|
||||
@ -95,7 +103,10 @@ export function loginPage() {
|
||||
}
|
||||
const oldPw = document.getElementById('password').value;
|
||||
try {
|
||||
const headers = { 'Content-Type': 'application/json' };
|
||||
const headers = {
|
||||
'Content-Type': 'application/json',
|
||||
'X-QDB-Client': 'web',
|
||||
};
|
||||
if (pendingTempToken) {
|
||||
headers['Authorization'] = `Bearer ${pendingTempToken}`;
|
||||
}
|
||||
@ -111,6 +122,11 @@ export function loginPage() {
|
||||
return;
|
||||
}
|
||||
const d = json.data;
|
||||
if (d.role === 'coach') {
|
||||
errEl.textContent = 'Coach accounts can only sign in through the mobile app.';
|
||||
errEl.style.display = '';
|
||||
return;
|
||||
}
|
||||
localStorage.setItem('qdb_token', d.token);
|
||||
localStorage.setItem('qdb_user', d.user);
|
||||
localStorage.setItem('qdb_role', d.role);
|
||||
|
||||
Reference in New Issue
Block a user