From 3494273503bea5afb6bc5104ead66213a4c6e8b8 Mon Sep 17 00:00:00 2001
From: GotPPay <bilal.catic@hotmail.com>
Date: Fri, 1 Jun 2018 19:29:17 +0200
Subject: [PATCH] base 64 decode password

---
 server/router/passwordresetroute/controller.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/server/router/passwordresetroute/controller.go b/server/router/passwordresetroute/controller.go
index 0329b1c..b6dc289 100644
--- a/server/router/passwordresetroute/controller.go
+++ b/server/router/passwordresetroute/controller.go
@@ -118,6 +118,12 @@ func (c *controller) handleResetComplete(ctx echo.Context) error {
 		return routeutils.ResponseAPIPasswordResetFailed(ctx, "No password")
 	}
 
+	pass, err := b64.StdEncoding.DecodeString(user.Pass)
+	if err != nil {
+		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Invalid password", false)
+	}
+	user.Pass = string(pass)
+
 	passwordResetEntry, err := c.svc.PasswordReset.GetByToken(userToken)
 	if err != nil || len(passwordResetEntry.Token) < 1 || passwordResetEntry.Expires.Before(time.Now()) || passwordResetEntry.Used == true {
 		return routeutils.ResponseAPIPasswordResetFailed(ctx, "Token error")