From 46fdbac857a434c4b6b88c2ff4d78c525f33f3d4 Mon Sep 17 00:00:00 2001
From: Jim O'Donnell <jim@zooniverse.org>
Date: Wed, 22 Feb 2023 10:53:37 +0000
Subject: [PATCH] Use credentialed requests for password updates Swap
 `apiClient.put` for `makeCredentialHTTPRequest` in `auth.changePassword` and
 `auth.resetPassword`.

This should allow those client methods to work even when the client and the API are not on the same origin eg. when using the staging API.
---
 lib/auth.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/auth.js b/lib/auth.js
index 2a32cbe..9d5fa05 100644
--- a/lib/auth.js
+++ b/lib/auth.js
@@ -254,7 +254,8 @@ const authClient = new Model({
             },
           };
 
-          return apiClient.put('/../users', data, config.jsonHeaders)
+          const url = config.host + '/users';
+          return makeCredentialHTTPRequest('PUT', url, data, config.jsonHeaders)
             .then(function() {
               // Resetting the password changes the underlying cookie session data
               // need to sign out and back in to refresh
@@ -297,7 +298,8 @@ const authClient = new Model({
         },
       };
 
-      return apiClient.put('/../users/password', data, config.jsonHeaders);
+      const url = config.host + '/users/password';
+      return makeCredentialHTTPRequest('PUT', url, data, config.jsonHeaders);
     }.bind(this));
   },