-rw-r--r--app.py4
-rw-r--r--utils.py13
2 files changed, 13 insertions, 4 deletions
diff --git a/app.py b/app.py
index 3715cac..10a5bc2 100644
--- a/app.py
+++ b/app.py
@@ -26,8 +26,10 @@ def ldap_connect():
g.user = None
if 'username' in session and 'password' in session:
+ username = ensure_utf8(session['username'])
+ password = ensure_utf8(decrypt_password(session['password']))
try:
- g.user = g.ldap.auth(session['username'], decrypt_password(session['password']))
+ g.user = g.ldap.auth(username, password)
except ldap.INVALID_CREDENTIALS:
# we had crap in the session, delete it
logout_user()
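Review bot: The two new assignments to `username` and `password` sit outside the `try`, so an error while decrypting the session password never reaches the handler that clears bad session data. `decrypt_password` now ends in `.decode('utf8')` (see the `decrypt_password` hunk in utils.py), so a session value that does not decrypt to valid UTF-8 raises UnicodeDecodeError, while the handler catches only `ldap.INVALID_CREDENTIALS`. Moving both assignments inside the `try` and widening the clause to `except (ldap.INVALID_CREDENTIALS, UnicodeDecodeError):` would send that case through `logout_user()` as well. The body of ldap_connect continues outside the hunk.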
diff --git a/utils.py b/utils.py
index 42b3bf5..dd044c3 100644
--- a/utils.py
+++ b/utils.py
@@ -55,6 +55,9 @@ def logout_required(f):
def login_user(username, password):
+ username = ensure_utf8(username)
+ password = ensure_utf8(password)
+
try:
g.user = g.ldap.auth(username, password)
except ldap.INVALID_CREDENTIALS:
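Review bot: `login_user` passes `password` to `g.ldap.auth` without checking that it is non-empty. `g.ldap.auth` is not shown, but if it performs an LDAP simple bind, many directory servers treat an empty password as an unauthenticated bind and report success. An `if not password:` guard ahead of the `try`, taking the same failure path as the `ldap.INVALID_CREDENTIALS` branch, would close that gap unless the wrapper already checks. The function body continues outside the hunk, so the exact failure return is not visible here.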
@@ -82,8 +85,7 @@ def encrypt_password(password):
"""
assert len(current_app.config['PASSWORD_ENCRYPTION_KEY']) == 32
- if isinstance(password, unicode):
- password = password.encode('utf8')
+ password = ensure_utf8(password)
iv = ''.join(chr(randint(0, 0xff)) for i in range(16))
encryptor = AES.new(current_app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv)
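Review bot: The IV on the context line `iv = ''.join(chr(randint(0, 0xff)) for i in range(16))` is drawn from `randint`; if that is the standard `random` module's function (the import is outside this hunk), the generator is predictable, whereas CBC needs an unpredictable IV. `iv = os.urandom(16)` is a drop-in replacement, assuming `os` is imported in utils.py. Separately, the key-length `assert` is stripped under `python -O`, so an explicit `raise ValueError(...)` would be more dependable. The function starts before and continues past the hunk.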
@@ -95,7 +97,7 @@ def decrypt_password(ciphertext):
"""
iv = ciphertext[:16]
encryptor = AES.new(current_app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv)
- return encryptor.decrypt(ciphertext[16:]).rstrip('\0')
+ return encryptor.decrypt(ciphertext[16:]).rstrip('\0').decode('utf8')
def make_confirmation(realm, data):
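Review bot: `decrypt_password` now returns a unicode string where it previously returned a byte string, and the docstring (which begins outside this hunk) should state the new return type. It should also say that UnicodeDecodeError is raised when the decrypted bytes are not valid UTF-8. The only caller visible on this page, in app.py, immediately re-encodes the result through `ensure_utf8`, so any other callers that expected bytes should be checked. Suggested docstring addition: `Returns the password as unicode; raises UnicodeDecodeError if the plaintext is not valid UTF-8.`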
@@ -181,3 +183,8 @@ class Service(object):
def __repr__(self):
return '<Service %s>' % self.id
+
+def ensure_utf8(s):
+ if isinstance(s, unicode):
+ s = s.encode('utf8')
+ return s
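Review bot: `ensure_utf8` has no docstring, and its name promises more than the body does. Only `unicode` input is encoded; a byte string in any other encoding, or a non-string value such as `None`, is returned unchanged and unvalidated. Since the result is used as an LDAP credential and as encryption input, the contract is worth stating, for example `"""Return s encoded as UTF-8 if it is unicode; any other value is returned unchanged and is not validated."""`.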