From eaad4ca440c1a1e41bc91049d7987ace50e8071b Mon Sep 17 00:00:00 2001
From: Joshua Toliver <jtoliver@quoininc.com>
Date: Thu, 5 Dec 2024 16:38:52 -0500
Subject: [PATCH 1/2] R2-3139: Fixing issue where users get signed out after updating their password in profile

---
 app/controllers/api/v2/users_controller.rb | 5 +++++
 spec/requests/api/v2/users_controller_spec.rb | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/app/controllers/api/v2/users_controller.rb b/app/controllers/api/v2/users_controller.rb
index 812d4f8b98..b0f722dec2 100644
--- a/app/controllers/api/v2/users_controller.rb
+++ b/app/controllers/api/v2/users_controller.rb
@@ -41,6 +41,7 @@ def update
 validate_json!(User::USER_FIELDS_SCHEMA, user_params)
 @user.update_with_properties(@user_params)
 @user.save!
+ keep_logged_in
 end

 def destroy
@@ -73,4 +74,8 @@ def welcome
 def identity_sync
 @user.identity_sync(current_user)
 end
+
+ def keep_logged_in
+ bypass_sign_in(@user) if @user.saved_change_to_encrypted_password?
+ end
 end
diff --git a/spec/requests/api/v2/users_controller_spec.rb b/spec/requests/api/v2/users_controller_spec.rb
index 977d7a2279..01c2485f3e 100644
--- a/spec/requests/api/v2/users_controller_spec.rb
+++ b/spec/requests/api/v2/users_controller_spec.rb
@@ -667,6 +667,21 @@
 expect(user1.identity_provider.unique_id).to eq(@identity_provider_b.unique_id)
 end

+ it 'keeps user signed in when password changed' do
+ sign_in(@user_d)
+ params = {
+ data: {
+ password: 'primer0!',
+ password_confirmation: 'primer0!'
+ }
+ }
+ patch("/api/v2/users/#{@user_d.id}", params:)
+ expect(response).to have_http_status(200)
+ get('/api/v2/roles')
+ expect(response).to have_http_status(200)
+ expect(controller.current_user).to eq(@user_d)
+ end
+
 it "returns 403 if user isn't authorized to update users" do
 login_for_test
 params = {
From 05b27b9f1a73dc32d2d430e5f0a1658bcc5f9461 Mon Sep 17 00:00:00 2001
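Review bot: `bypass_sign_in(@user)` in the new `keep_logged_in` helper (second hunk of users_controller.rb, called from `update` in the first) re-signs the session as the record being edited, which is not necessarily the caller. How `@user` is loaded is outside these hunks, but the spec's "isn't authorized to update users" case suggests `update` also serves users who may edit other accounts; if so, changing someone else's password would switch the caller's session to that account. Limit it to self-service changes: `bypass_sign_in(@user) if @user == current_user && @user.saved_change_to_encrypted_password?`. A one-line comment on the helper saying why the re-sign-in is needed after a password change would also help the next reader.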
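Review bot: The new example only covers a user changing their own password (`sign_in(@user_d)` followed by a PATCH on `@user_d.id`), so it would still pass if the controller re-signed the session as whichever user was updated. Add a companion example in which a signed-in user with permission to update users changes a different user's password, and assert that `controller.current_user` is still the original caller afterwards. It would also be worth asserting that the new password was actually stored (for example with `valid_password?` on the reloaded record), since the 200 alone does not show that.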
From: Joshua Toliver <jtoliver@quoininc.com>
Date: Thu, 5 Dec 2024 16:41:04 -0500
Subject: [PATCH 2/2] Renaming method

---
 app/controllers/api/v2/users_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/controllers/api/v2/users_controller.rb b/app/controllers/api/v2/users_controller.rb
index b0f722dec2..574b8130d6 100644
--- a/app/controllers/api/v2/users_controller.rb
+++ b/app/controllers/api/v2/users_controller.rb
@@ -41,7 +41,7 @@ def update
 validate_json!(User::USER_FIELDS_SCHEMA, user_params)
 @user.update_with_properties(@user_params)
 @user.save!
- keep_logged_in
+ keep_user_signed_in
 end

 def destroy
@@ -75,7 +75,7 @@ def identity_sync
 @user.identity_sync(current_user)
 end

- def keep_logged_in
+ def keep_user_signed_in
 bypass_sign_in(@user) if @user.saved_change_to_encrypted_password?
 end
 end