From 8c4ce5e5f4a8aa8397baf58ff61eb0d6e52590fb Mon Sep 17 00:00:00 2001
From: Naoki Takezoe <takezoe@gmail.com>
Date: Tue, 29 Mar 2022 07:16:12 +0900
Subject: [PATCH] Hash password when reset it (#3026)

---
 .../scala/gitbucket/core/controller/AccountController.scala     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/scala/gitbucket/core/controller/AccountController.scala b/src/main/scala/gitbucket/core/controller/AccountController.scala
index e3a7304c1..940282622 100644
--- a/src/main/scala/gitbucket/core/controller/AccountController.scala
+++ b/src/main/scala/gitbucket/core/controller/AccountController.scala
@@ -693,7 +693,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       decodeResetPasswordToken(form.token)
         .flatMap { mailAddress =>
           getAccountByMailAddress(mailAddress).map { account =>
-            updateAccount(account.copy(password = form.password))
+            updateAccount(account.copy(password = pbkdf2_sha256(form.password)))
             html.resetcomplete()
           }
         }