From 545870bb16851ec7a40d4a2e6bf56f5817c7ebef Mon Sep 17 00:00:00 2001
From: John Blackbourn <johnbillion@gmail.com>
Date: Thu, 16 Jan 2025 15:25:22 +0100
Subject: [PATCH] Tests.

---
 tests/phpunit/tests/user.php | 63 ++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 884200530f1d9..e9743eae63bde 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -63,9 +63,36 @@ public static function wpSetUpBeforeClass( WP_UnitTest_Factory $factory ) {
 	public function set_up() {
 		parent::set_up();
 
+		add_action( 'set_auth_cookie',      array( $this, 'action_set_auth_cookie' ), 10, 6 );
+		add_action( 'set_logged_in_cookie', array( $this, 'action_set_logged_in_cookie' ), 10 );
+		add_action( 'clear_auth_cookie',    array( $this, 'action_clear_auth_cookie' ) );
+
+		$_COOKIE = [];
 		$this->author = clone self::$_author;
 	}
 
+	final public function action_set_auth_cookie(
+		string $cookie,
+		int $expire,
+		int $expiration,
+		int $user_id,
+		string $scheme,
+		string $token
+	): void {
+		$_COOKIE[ SECURE_AUTH_COOKIE ] = $cookie;
+		$_COOKIE[ AUTH_COOKIE ] = $cookie;
+	}
+
+	final public function action_set_logged_in_cookie( string $cookie ): void {
+		$_COOKIE[ LOGGED_IN_COOKIE ] = $cookie;
+	}
+
+	final public function action_clear_auth_cookie(): void {
+		unset( $_COOKIE[ LOGGED_IN_COOKIE ] );
+		unset( $_COOKIE[ SECURE_AUTH_COOKIE ] );
+		unset( $_COOKIE[ AUTH_COOKIE ] );
+	}
+
 	public function test_get_users_of_blog() {
 		// Add one of each user role.
 		$nusers = array(
@@ -1122,6 +1149,42 @@ public function test_changing_password_invalidates_password_reset_key() {
 		$this->assertEmpty( $user->user_activation_key );
 	}
 
+	/**
+	 * @ticket 61366
+	 * @dataProvider data_remember_user
+	 */
+	public function test_changing_own_password_retains_current_session( bool $remember ) {
+		$user    = $this->author;
+		$manager = WP_Session_Tokens::get_instance( $user->ID );
+		$expiry  = $remember ? ( 2 * WEEK_IN_SECONDS ) : ( 2 * DAY_IN_SECONDS );
+		$token   = $manager->create( time() + $expiry );
+		$pass    = $user->user_pass;
+
+		wp_set_current_user( $user->ID );
+		wp_set_auth_cookie( $user->ID, $remember, '', $token );
+
+		$userdata = array(
+			'ID'        => $user->ID,
+			'user_pass' => 'my_new_password',
+		);
+		$updated = wp_update_user( $userdata, $manager );
+		$valid   = wp_validate_auth_cookie();
+		$cookie  = wp_parse_auth_cookie();
+
+		$this->assertNotWPError( $updated );
+		$this->assertNotSame( $pass, get_userdata( $user->ID )->user_pass );
+		$this->assertSame( $user->ID, $valid );
+		$this->assertSame( $token, $cookie['token'] );
+		$this->assertCount( 1, $manager->get_all() );
+	}
+
+	public function data_remember_user() {
+		return array(
+			array( true ),
+			array( false ),
+		);
+	}
+
 	public function test_search_users_login() {
 		$users = get_users(
 			array(