settings_account: Don't redirect to login page during password change.

This handles a rare race condition that occurs when the session hash
is not updated by the backend during the password change process.
This mostly occurs in puppeteer tests, but could occur to a user.

static/js/setup.js

@@ -1,8 +1,9 @@
 "use strict";
 
 const util = require("./util");
-// Miscellaneous early setup.
 
+// Miscellaneous early setup.
+exports.password_change_in_progress = false;
 $(() => {
     if (util.is_mobile()) {
         // Disable the tutorial; it's ugly on mobile.
@@ -35,10 +36,23 @@ $(() => {
 
     // For some reason, jQuery wants this to be attached to an element.
     $(document).ajaxError((event, xhr) => {
+        if (exports.password_change_in_progress) {
+            // The backend for handling password change API requests
+            // will replace the user's session; this results in a
+            // brief race where any API request will fail with a 401
+            // error after the old session is deactivated but before
+            // the new one has been propagated to the browser.  So we
+            // skip our normal HTTP 401 error handling if we're in the
+            // process of executing a password change.
+            return;
+        }
+
         if (xhr.status === 401) {
-            // We got logged out somehow, perhaps from another window or a session timeout.
-            // We could display an error message, but jumping right to the login page seems
-            // smoother and conveys the same information.
+            // We got logged out somehow, perhaps from another window
+            // changing the user's password, or a session timeout.  We
+            // could display an error message, but jumping right to
+            // the login page conveys the same information with a
+            // smoother re-login experience.
             window.location.replace(page_params.login_page);
         }
     });