update identity only after succesfully updating user information

redash/handlers/users.py

@@ -166,16 +166,6 @@ class UserResource(BaseResource):
         return user.to_dict(with_api_key=is_admin_or_owner(user_id))
 
     def post(self, user_id):
-        @after_this_request
-        def update_identity_cookie(response):
-            session['user_id'] = user.get_id()
-
-            remember_token = request.cookies.get('remember_token')
-            if remember_token:
-                response.set_cookie('remember_token', re.sub('.*\\|', user.get_id() + '|', remember_token))
-
-            return response
-
         require_admin_or_owner(user_id)
         user = models.User.get_by_id_and_org(user_id, self.current_org)
 
@@ -205,6 +195,16 @@ class UserResource(BaseResource):
         try:
             self.update_model(user, params)
             models.db.session.commit()
+
+            @after_this_request
+            def update_identity_cookie(response):
+                session['user_id'] = user.get_id()
+
+                remember_token = request.cookies.get('remember_token')
+                if remember_token:
+                    response.set_cookie('remember_token', re.sub('.*\\|', user.get_id() + '|', remember_token))
+
+                return response
         except IntegrityError as e:
             if "email" in e.message:
                 message = "Email already taken."

tests/handlers/test_users.py

@@ -16,7 +16,7 @@ class TestUserListResourcePost(BaseTestCase):
 
         rv = self.make_request('post', '/api/users', data={'name': 'User'}, user=admin)
         self.assertEqual(rv.status_code, 400)
-    
+
     def test_returns_400_when_using_temporary_email(self):
         admin = self.factory.create_admin()
 
@@ -149,7 +149,7 @@ class TestUserResourcePost(BaseTestCase):
 
         user = models.User.query.get(self.factory.user.id)
         self.assertTrue(user.verify_password(new_password))
-    
+
     def test_returns_400_when_using_temporary_email(self):
         admin = self.factory.create_admin()