From 9961609d71225be3971bbfb06604bfb9b599da15 Mon Sep 17 00:00:00 2001
From: Steven Nguyen
Date: Fri, 19 May 2023 11:58:17 -0700
Subject: [PATCH] Update the Update Account Status API to clear the cookie

After a user updates their status, their session no longer works however, the cookie may still exist in their browser, preventing other API calls from completing successfully.
---
 app/controllers/api/account.php | 9 ++++++++-
 tests/e2e/Services/Account/AccountCustomClientTest.php | 2 ++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index dd5ac4a2da..cc598a9e2b 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -1763,11 +1763,12 @@ App::patch('/v1/account/status')
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_USER)
 ->inject('requestTimestamp')
+ ->inject('request')
 ->inject('response')
 ->inject('user')
 ->inject('dbForProject')
 ->inject('events')
- ->action(function (?\DateTime $requestTimestamp, Response $response, Document $user, Database $dbForProject, Event $events) {
+ ->action(function (?\DateTime $requestTimestamp, Request $request, Response $response, Document $user, Database $dbForProject, Event $events) {
 
 $user->setAttribute('status', false);
 
@@ -1781,6 +1782,12 @@ App::patch('/v1/account/status')
 $response->addHeader('X-Fallback-Cookies', \json_encode([]));
 }
 
+ $protocol = $request->getProtocol();
+ $response
+ ->addCookie(Auth::$cookieName . '_legacy', '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, null)
+ ->addCookie(Auth::$cookieName, '', \time() - 3600, '/', Config::getParam('cookieDomain'), ('https' == $protocol), true, Config::getParam('cookieSamesite'))
+ ;
+
 $response->dynamic($user, Response::MODEL_ACCOUNT);
 });
 
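Review bot: The Secure flag on both expired cookies is derived with a loose comparison, `('https' == $protocol)`; `$protocol === 'https'` expresses the same intent without relying on PHP's `==` coercion rules and is what a strict-comparison linter would require. The two `addCookie` calls look like the same cookie-expiry pair the session-deletion handlers in this controller presumably emit — if so, a small shared helper (e.g. `clearSessionCookies(Request $request, Response $response): void`) would keep name, domain, path and flags identical everywhere a session is invalidated, since a mismatch on any of them leaves the stale cookie in the browser. A short comment such as `// Expire both session cookies so the browser stops sending the now-invalid session` would record why a status update touches cookies at all. The enclosing closure begins in the previous hunk and is closed by the `});` in this one.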
diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php
index 6f75a998c1..c0435762fe 100644
--- a/tests/e2e/Services/Account/AccountCustomClientTest.php
+++ b/tests/e2e/Services/Account/AccountCustomClientTest.php
@@ -225,6 +225,8 @@ class AccountCustomClientTest extends Scope
 ]);
 
 $this->assertEquals($response['headers']['status-code'], 200);
+ $this->assertStringContainsString('a_session_' . $this->getProject()['$id'] . '=deleted', $response['headers']['set-cookie']);
+ $this->assertEquals('[]', $response['headers']['x-fallback-cookies']);
 
 $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
 'origin' => 'http://localhost',
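Review bot: The new assertion covers only the primary session cookie, while the controller change expires two cookies; adding `$this->assertStringContainsString('a_session_' . $this->getProject()['$id'] . '_legacy=deleted', $response['headers']['set-cookie']);` would also catch a regression in the legacy cookie path. The check also stops at the `=deleted` value; if the test client exposes the full `Set-Cookie` header, asserting the expiry or `HttpOnly` attribute as well would pin that the cookie is actually removed rather than merely emptied. The enclosing test method begins before this hunk.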