From 0e74dd7d7c576248e698f6d53bf769f6b02d2450 Mon Sep 17 00:00:00 2001
From: Mark VanLandingham <mark.vanlandingham@discourse.org>
Date: Fri, 17 Apr 2020 13:39:04 -0500
Subject: [PATCH] FIX: Set user timezone on password reset login (#9461)

---
 .../discourse/controllers/password-reset.js          |  3 ++-
 app/controllers/users_controller.rb                  |  1 +
 spec/requests/users_controller_spec.rb               | 12 ++++++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/app/assets/javascripts/discourse/controllers/password-reset.js b/app/assets/javascripts/discourse/controllers/password-reset.js
index dcb1931ac0e..efdf9db0ae0 100644
--- a/app/assets/javascripts/discourse/controllers/password-reset.js
+++ b/app/assets/javascripts/discourse/controllers/password-reset.js
@@ -54,7 +54,8 @@ export default Controller.extend(PasswordValidation, {
           password: this.accountPassword,
           second_factor_token:
             this.securityKeyCredential || this.secondFactorToken,
-          second_factor_method: this.secondFactorMethod
+          second_factor_method: this.secondFactorMethod,
+          timezone: moment.tz.guess()
         }
       })
         .then(result => {
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 29d7bc99637..80583ad79b0 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -641,6 +641,7 @@ class UsersController < ApplicationController
       # if we have run into no errors then the user is a-ok to
       # change the password
       if @user.errors.empty?
+        @user.update_timezone_if_missing(params[:timezone]) if params[:timezone]
         @user.password = params[:password]
         @user.password_required!
         @user.user_auth_tokens.destroy_all
diff --git a/spec/requests/users_controller_spec.rb b/spec/requests/users_controller_spec.rb
index 507c28f9101..9bb8992c709 100644
--- a/spec/requests/users_controller_spec.rb
+++ b/spec/requests/users_controller_spec.rb
@@ -279,6 +279,18 @@ describe UsersController do
         expect(response).to redirect_to(wizard_path)
       end
 
+      it "sets the users timezone if the param is present" do
+        user = Fabricate(:admin)
+        UserAuthToken.generate!(user_id: user.id)
+
+        token = user.email_tokens.create(email: user.email).token
+        get "/u/password-reset/#{token}"
+
+        expect(user.user_option.timezone).to eq(nil)
+        put "/u/password-reset/#{token}", params: { password: 'hg9ow8yhg98oadminlonger', timezone: "America/Chicago" }
+        expect(user.user_option.reload.timezone).to eq("America/Chicago")
+      end
+
       it "logs the password change" do
         user = Fabricate(:admin)
         UserAuthToken.generate!(user_id: user.id)