From 7820dd2b8f577ac6abff5bd3b356271898d58450 Mon Sep 17 00:00:00 2001
From: Alan Guo Xiang Tan <gxtan1990@gmail.com>
Date: Fri, 16 May 2025 15:09:03 +0800
Subject: [PATCH] FIX: Reset password link broken for non-staff user in confirm
 session dialog (#32765)

---
 .../dialog-messages/confirm-session.gjs       |  5 +----
 .../javascripts/discourse/app/models/user.js  |  3 +--
 .../page_objects/modals/confirm_session.rb    | 22 +++++++++++++++++++
 .../pages/user_preferences_security.rb        | 10 ++++++---
 .../user_preferences_security_spec.rb         | 13 +++++++++--
 5 files changed, 42 insertions(+), 11 deletions(-)
 create mode 100644 spec/system/page_objects/modals/confirm_session.rb

diff --git a/app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs b/app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs
index 492eeb7c5fa..93124226fc8 100644
--- a/app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs
+++ b/app/assets/javascripts/discourse/app/components/dialog-messages/confirm-session.gjs
@@ -93,10 +93,7 @@ export default class ConfirmSession extends Component {
   @action
   async sendPasswordResetEmail() {
     try {
-      const result = await ajax("/session/forgot_password.json", {
-        data: { login: this.currentUser.username },
-        type: "POST",
-      });
+      const result = await this.currentUser.changePassword();
 
       if (result.success) {
         this.errorMessage = null;
diff --git a/app/assets/javascripts/discourse/app/models/user.js b/app/assets/javascripts/discourse/app/models/user.js
index 5a8fbd20011..96622abff22 100644
--- a/app/assets/javascripts/discourse/app/models/user.js
+++ b/app/assets/javascripts/discourse/app/models/user.js
@@ -585,8 +585,7 @@ export default class User extends RestModel.extend(Evented) {
   }
 
   changePassword() {
-    return ajax("/session/forgot_password", {
-      dataType: "json",
+    return ajax("/session/forgot_password.json", {
       data: { login: this.email || this.username },
       type: "POST",
     });
diff --git a/spec/system/page_objects/modals/confirm_session.rb b/spec/system/page_objects/modals/confirm_session.rb
new file mode 100644
index 00000000000..9ae355764cd
--- /dev/null
+++ b/spec/system/page_objects/modals/confirm_session.rb
@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module PageObjects
+  module Modals
+    class ConfirmSession < PageObjects::Pages::Base
+      def click_forgot_password
+        find(".confirm-session .confirm-session__reset-btn").click
+        self
+      end
+
+      def has_forgot_password_email_sent?
+        has_css?(".confirm-session .confirm-session__reset-email-sent")
+      end
+
+      def submit_password(password)
+        find(".confirm-session input#password").fill_in(with: password)
+        find(".confirm-session .btn-primary:not([disabled])").click
+        self
+      end
+    end
+  end
+end
diff --git a/spec/system/page_objects/pages/user_preferences_security.rb b/spec/system/page_objects/pages/user_preferences_security.rb
index 6dbbc8538bd..6dc59119974 100644
--- a/spec/system/page_objects/pages/user_preferences_security.rb
+++ b/spec/system/page_objects/pages/user_preferences_security.rb
@@ -8,10 +8,14 @@ module PageObjects
         self
       end
 
-      def visit_second_factor(user, password)
+      def click_manage_2fa_authentication
         click_button "Manage Two-Factor Authentication"
-        find(".confirm-session input#password").fill_in(with: password)
-        find(".confirm-session .btn-primary:not([disabled])").click
+        PageObjects::Modals::ConfirmSession.new
+      end
+
+      def visit_second_factor(user, password)
+        click_manage_2fa_authentication.submit_password(password)
+
         expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor")
         self
       end
diff --git a/spec/system/user_page/user_preferences_security_spec.rb b/spec/system/user_page/user_preferences_security_spec.rb
index 4aca98a98a1..1b0ca121bea 100644
--- a/spec/system/user_page/user_preferences_security_spec.rb
+++ b/spec/system/user_page/user_preferences_security_spec.rb
@@ -21,8 +21,17 @@ describe "User preferences | Security", type: :system do
   shared_examples "security keys" do
     it "adds a 2FA security key and logs in with it" do
       with_virtual_authenticator do
-        user_preferences_security_page.visit(user)
-        user_preferences_security_page.visit_second_factor(user, password)
+        confirm_session_modal =
+          user_preferences_security_page
+            .visit(user)
+            .click_manage_2fa_authentication
+            .click_forgot_password
+
+        expect(confirm_session_modal).to have_forgot_password_email_sent
+
+        confirm_session_modal.submit_password(password)
+
+        expect(page).to have_current_path("/u/#{user.username}/preferences/second-factor")
 
         find(".security-key .new-security-key").click
         expect(user_preferences_security_page).to have_css("input#security-key-name")