From 5afc49784e946a0d1693ba0e9d4d76b6cb590d79 Mon Sep 17 00:00:00 2001
From: Steven Nguyen <stnguyen90@users.noreply.github.com>
Date: Wed, 31 May 2023 13:52:05 -0700
Subject: [PATCH] Update the Update Phone API to also set the password

This is to ensure the behavior matches the Update Email endpoint.
---
 app/controllers/api/account.php | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index e2282fd988..85d59bd028 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1706,6 +1706,14 @@ App::patch('/v1/account/phone')
             ->setAttribute('phoneVerification', false) // After this user needs to confirm phone number again
             ->setAttribute('search', implode(' ', [$user->getId(), $user->getAttribute('name', ''), $user->getAttribute('email', ''), $phone]));
 
+        if (empty($passwordUpdate)) {
+            $user
+                ->setAttribute('password', Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS))
+                ->setAttribute('hash', Auth::DEFAULT_ALGO)
+                ->setAttribute('hashOptions', Auth::DEFAULT_ALGO_OPTIONS)
+                ->setAttribute('passwordUpdate', DateTime::now());
+        }
+
         try {
             $user = $dbForProject->withRequestTimestamp($requestTimestamp, fn () => $dbForProject->updateDocument('users', $user->getId(), $user));
         } catch (Duplicate $th) {