From eaad4ca440c1a1e41bc91049d7987ace50e8071b Mon Sep 17 00:00:00 2001
From: Joshua Toliver <jtoliver@quoininc.com>
Date: Thu, 5 Dec 2024 16:38:52 -0500
Subject: [PATCH 1/2] R2-3139: Fixing issue where users get signed out after
 updating their password in profile

---
 app/controllers/api/v2/users_controller.rb    |  5 +++++
 spec/requests/api/v2/users_controller_spec.rb | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/app/controllers/api/v2/users_controller.rb b/app/controllers/api/v2/users_controller.rb
index 812d4f8b98..b0f722dec2 100644
--- a/app/controllers/api/v2/users_controller.rb
+++ b/app/controllers/api/v2/users_controller.rb
@@ -41,6 +41,7 @@ def update
     validate_json!(User::USER_FIELDS_SCHEMA, user_params)
     @user.update_with_properties(@user_params)
     @user.save!
+    keep_logged_in
   end
 
   def destroy
@@ -73,4 +74,8 @@ def welcome
   def identity_sync
     @user.identity_sync(current_user)
   end
+
+  def keep_logged_in
+    bypass_sign_in(@user) if @user.saved_change_to_encrypted_password?
+  end
 end
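Review bot: `keep_logged_in` re-signs in whichever record `update` loaded into `@user`, which is not necessarily the account making the request. `bypass_sign_in` (presumably Devise's) stores the given resource in the session, so if this endpoint lets an authorized account change another user's password, as the neighbouring spec "returns 403 if user isn't authorized to update users" suggests, the caller's session would switch to the target user. The condition should also check identity: `bypass_sign_in(@user) if @user == current_user && @user.saved_change_to_encrypted_password?`. The method is also added below `identity_sync` with no `private` marker visible in the hunk; the class body starts outside it, so confirm the helper is not reachable as a controller action. The rename in patch 2/2 leaves the same condition in place.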
diff --git a/spec/requests/api/v2/users_controller_spec.rb b/spec/requests/api/v2/users_controller_spec.rb
index 977d7a2279..01c2485f3e 100644
--- a/spec/requests/api/v2/users_controller_spec.rb
+++ b/spec/requests/api/v2/users_controller_spec.rb
@@ -667,6 +667,21 @@
       expect(user1.identity_provider.unique_id).to eq(@identity_provider_b.unique_id)
     end
 
+    it 'keeps user signed in when password changed' do
+      sign_in(@user_d)
+      params = {
+        data: {
+          password: 'primer0!',
+          password_confirmation: 'primer0!'
+        }
+      }
+      patch("/api/v2/users/#{@user_d.id}", params:)
+      expect(response).to have_http_status(200)
+      get('/api/v2/roles')
+      expect(response).to have_http_status(200)
+      expect(controller.current_user).to eq(@user_d)
+    end
+
     it "returns 403 if user isn't authorized to update users" do
       login_for_test
       params = {
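Review bot: The new example covers only a user changing their own password, so nothing pins what happens to the session when the updated record is a different user. A second example would close that gap: sign in as an account that is allowed to update users, patch another user's `password` and `password_confirmation`, then assert `expect(controller.current_user).to eq(<the signed-in account>)` after the follow-up `get('/api/v2/roles')`. The enclosing `describe` block and its fixtures start outside the hunk, so the right fixture names need to be taken from there.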

From 05b27b9f1a73dc32d2d430e5f0a1658bcc5f9461 Mon Sep 17 00:00:00 2001
From: Joshua Toliver <jtoliver@quoininc.com>
Date: Thu, 5 Dec 2024 16:41:04 -0500
Subject: [PATCH 2/2] Renaming method

---
 app/controllers/api/v2/users_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/v2/users_controller.rb b/app/controllers/api/v2/users_controller.rb
index b0f722dec2..574b8130d6 100644
--- a/app/controllers/api/v2/users_controller.rb
+++ b/app/controllers/api/v2/users_controller.rb
@@ -41,7 +41,7 @@ def update
     validate_json!(User::USER_FIELDS_SCHEMA, user_params)
     @user.update_with_properties(@user_params)
     @user.save!
-    keep_logged_in
+    keep_user_signed_in
   end
 
   def destroy
@@ -75,7 +75,7 @@ def identity_sync
     @user.identity_sync(current_user)
   end
 
-  def keep_logged_in
+  def keep_user_signed_in
     bypass_sign_in(@user) if @user.saved_change_to_encrypted_password?
   end
 end