update session when user settings change

services/web/app/coffee/Features/Authentication/AuthenticationController.coffee

@@ -85,6 +85,13 @@ module.exports = AuthenticationController =
 					logger.log email: email, "failed log in"
 					return done(null, false, {text: req.i18n.translate("email_or_password_wrong_try_again"), type: 'error'})
 
+	setInSessionUser: (req, props) ->
+		for key, value of props
+			if req?.session?.passport?.user?
+				req.session.passport.user[key] = value
+			if req?.session?.user?
+				req.session.user[key] = value
+
 	isUserLoggedIn: (req) ->
 		user_id = AuthenticationController.getLoggedInUserId(req)
 		return user_id != null

services/web/app/coffee/Features/User/UserController.coffee

@@ -59,6 +59,7 @@ module.exports = UserController =
 			user.save (err)->
 				newEmail = req.body.email?.trim().toLowerCase()
 				if !newEmail? or newEmail == user.email
+					AuthenticationController.setInSessionUser(req, {first_name: user.first_name, last_name: user.last_name})
 					return res.sendStatus 200
 				else if newEmail.indexOf("@") == -1
 					return res.sendStatus(400)
@@ -75,7 +76,7 @@ module.exports = UserController =
 							if err?
 								logger.err err:err, user_id:user_id, "error getting user for email update"
 								return res.send 500
-							req.user.email = user.email
+							AuthenticationController.setInSessionUser(req, {email: user.email, first_name: user.first_name, last_name: user.last_name})
 							UserHandler.populateGroupLicenceInvite user, (err)-> #need to refresh this in the background
 								if err?
 									logger.err err:err, "error populateGroupLicenceInvite"

services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee

@@ -44,6 +44,29 @@ describe "AuthenticationController", ->
 	afterEach ->
 		tk.reset()
 
+	describe 'setInSessionUser', () ->
+
+		beforeEach ->
+			@user = {
+				_id: 'id'
+				first_name: 'a'
+				last_name:  'b'
+				email:      'c'
+			}
+			@req.session.passport = {user: @user}
+			@req.session.user = @user
+
+		it 'should update the right properties', () ->
+			@AuthenticationController.setInSessionUser(@req, {first_name: 'new_first_name', email: 'new_email'})
+			expectedUser = {
+				_id: 'id'
+				first_name: 'new_first_name'
+				last_name:  'b'
+				email:      'new_email'
+			}
+			expect(@req.session.passport.user).to.deep.equal(expectedUser)
+			expect(@req.session.user).to.deep.equal(expectedUser)
+
 	describe 'passportLogin', ->
 
 		beforeEach ->
@@ -346,6 +369,7 @@ describe "AuthenticationController", ->
 
 		describe "with no login credentials", ->
 			beforeEach ->
+				@req.session = {}
 				@AuthenticationController.requireGlobalLogin @req, @res, @next
 
 			it "should redirect to the /login page", ->

services/web/test/UnitTests/coffee/User/UserControllerTests.coffee

@@ -42,6 +42,7 @@ describe "UserController", ->
 			establishUserSession: sinon.stub().callsArg(2)
 			getLoggedInUserId: sinon.stub().returns(@user._id)
 			getSessionUser: sinon.stub().returns(@req.session.user)
+			setInSessionUser: sinon.stub()
 		@AuthenticationManager =
 			authenticate: sinon.stub()
 			setUserPassword: sinon.stub()
@@ -176,7 +177,9 @@ describe "UserController", ->
 				cb(null, @user)
 			@res.sendStatus = (code)=>
 				code.should.equal 200
-				@req.user.email.should.equal @newEmail
+				@AuthenticationController.setInSessionUser.calledWith(
+					@req, {email: @newEmail, first_name: undefined, last_name: undefined}
+				).should.equal true
 				done()
 			@UserController.updateUserSettings @req, @res