fix: auto-login after signup and context-aware token clearing

This fixes the "Authorization header required for API calls" error during vendor onboarding after signup. Changes: - Generate JWT access token on signup completion - Set vendor_token cookie for page navigation - Return access_token in signup response for localStorage - Store vendor_token in localStorage after signup completion - Make clearTokens() context-aware to prevent cross-portal interference - Fix vendor logout to not clear admin/customer tokens 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 18:10:18 +01:00
parent 3c403ab1b8
commit 4298af9f79
6 changed files with 85 additions and 13 deletions
--- a/app/services/platform_signup_service.py
+++ b/app/services/platform_signup_service.py
@@ -96,6 +96,7 @@ class SignupCompletionResult:
    vendor_id: int
    redirect_url: str
    trial_ends_at: str
+    access_token: str | None = None  # JWT token for automatic login


 # =============================================================================
@@ -606,10 +607,23 @@ class PlatformSignupService:
            else datetime.now(UTC) + timedelta(days=30)
        )

-        # Get user for welcome email
+        # Get user for welcome email and token generation
        user_id = session.get("user_id")
        user = db.query(User).filter(User.id == user_id).first() if user_id else None

+        # Generate access token for automatic login after signup
+        access_token = None
+        if user and vendor:
+            # Create vendor-scoped JWT token (user is owner since they just signed up)
+            token_data = self.auth_manager.create_access_token(
+                user=user,
+                vendor_id=vendor.id,
+                vendor_code=vendor.vendor_code,
+                vendor_role="Owner",  # New signup is always the owner
+            )
+            access_token = token_data["access_token"]
+            logger.info(f"Generated access token for new vendor user {user.email}")
+
        # Send welcome email
        if user and vendor:
            tier_code = session.get("tier_code", TierCode.ESSENTIAL.value)
@@ -627,6 +641,7 @@ class PlatformSignupService:
            vendor_id=vendor_id,
            redirect_url=f"/vendor/{vendor_code}/onboarding",
            trial_ends_at=trial_ends_at.isoformat(),
+            access_token=access_token,
        )