From fea2c6e5c7994fa30f1740bf04d1126eb2d55a83 Mon Sep 17 00:00:00 2001
From: Ian <ian.c.bacher@gmail.com>
Date: Thu, 10 Oct 2024 11:31:00 -0400
Subject: [PATCH] ForcePasswordChangeFilter should not run on /ws

---
 .../module/web/filter/ForcePasswordChangeFilter.java      | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/omod/src/main/java/org/openmrs/module/web/filter/ForcePasswordChangeFilter.java b/omod/src/main/java/org/openmrs/module/web/filter/ForcePasswordChangeFilter.java
index e9e12f9d..21d1d828 100644
--- a/omod/src/main/java/org/openmrs/module/web/filter/ForcePasswordChangeFilter.java
+++ b/omod/src/main/java/org/openmrs/module/web/filter/ForcePasswordChangeFilter.java
@@ -50,7 +50,8 @@ public void destroy() {
 	 */
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
 	        ServletException {
-		String requestURI = ((HttpServletRequest) request).getRequestURI();
+		HttpServletRequest httpRequest = (HttpServletRequest) request;
+		String requestURI = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
 		
 		if (Context.isAuthenticated()
 		        && new UserProperties(Context.getAuthenticatedUser().getUserProperties()).isSupposedToChangePassword()
@@ -65,10 +66,13 @@ && shouldNotAllowAccessToUrl(requestURI)) {
 	 * Method to check if the request url is an excluded url.
 	 * 
 	 * @param requestURI
-	 * @param excludeURL
 	 * @return
 	 */
 	private boolean shouldNotAllowAccessToUrl(String requestURI) {
+		// /ws is reserved
+		if (requestURI.startsWith("/ws")) {
+			return false;
+		}
 		
 		for (String url : excludedURLs) {
 			if (requestURI.endsWith(url)) {