Hash password when reset it (#3026)

2026-05-07 09:47:14 +02:00 · 2022-03-29 07:16:12 +09:00
parent b5ee6431c4
commit 8c4ce5e5f4
1 changed files with 1 additions and 1 deletions
--- a/src/main/scala/gitbucket/core/controller/AccountController.scala
+++ b/src/main/scala/gitbucket/core/controller/AccountController.scala
@@ -693,7 +693,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
      decodeResetPasswordToken(form.token)
        .flatMap { mailAddress =>
          getAccountByMailAddress(mailAddress).map { account =>
-            updateAccount(account.copy(password = form.password))
+            updateAccount(account.copy(password = pbkdf2_sha256(form.password)))
            html.resetcomplete()
          }
        }