-rw-r--r-- | app.py | 4 | ||||
-rw-r--r-- | utils.py | 13 |
2 files changed, 13 insertions, 4 deletions
@@ -26,8 +26,10 @@ def ldap_connect():
 g.user = None
 if 'username' in session and 'password' in session:
+ username = ensure_utf8(session['username'])
+ password = ensure_utf8(decrypt_password(session['password']))
 try:
- g.user = g.ldap.auth(session['username'], decrypt_password(session['password']))
+ g.user = g.ldap.auth(username, password)
 except ldap.INVALID_CREDENTIALS: # we had crap in the session, delete it
 logout_user()
@@ -55,6 +55,9 @@ def logout_required(f):
 def login_user(username, password):
+ username = ensure_utf8(username)
+ password = ensure_utf8(password)
+
 try:
 g.user = g.ldap.auth(username, password)
 except ldap.INVALID_CREDENTIALS:
@@ -82,8 +85,7 @@ def encrypt_password(password):
 """
 assert len(current_app.config['PASSWORD_ENCRYPTION_KEY']) == 32
- if isinstance(password, unicode):
- password = password.encode('utf8')
+ password = ensure_utf8(password)
 iv = ''.join(chr(randint(0, 0xff)) for i in range(16))
 encryptor = AES.new(current_app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv)
@@ -95,7 +97,7 @@ def decrypt_password(ciphertext):
 """
 iv = ciphertext[:16]
 encryptor = AES.new(current_app.config['PASSWORD_ENCRYPTION_KEY'], AES.MODE_CBC, iv)
- return encryptor.decrypt(ciphertext[16:]).rstrip('\0')
+ return encryptor.decrypt(ciphertext[16:]).rstrip('\0').decode('utf8')
 def make_confirmation(realm, data):
@@ -181,3 +183,8 @@ class Service(object):
 def __repr__(self):
 return '<Service %s>' % self.id
+
+def ensure_utf8(s):
+ if isinstance(s, unicode):
+ s = s.encode('utf8')
+ return s
|
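Review bot: In the first hunk (ldap_connect) the two added assignments sit before `try:`, while decrypt_password now ends in `.decode('utf8')` (fourth hunk), so a session value that decrypts to bytes that are not valid UTF-8 raises UnicodeDecodeError outside the handler and never reaches the `logout_user()` cleanup. The visible handler only catches `ldap.INVALID_CREDENTIALS`, so the "crap in the session" case the comment describes would surface as an unhandled error, presumably on every request until the cookie is cleared. Move both assignments under `try:` and widen the handler to `except (ldap.INVALID_CREDENTIALS, ValueError):`, which also covers UnicodeDecodeError as a ValueError subclass. Separately, the diffstat counts 4 changed lines for app.py and this hunk appears to account for all of them, so no import of `ensure_utf8` was added there; confirm app.py already brings it in from utils. The function starts and continues outside the hunk.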
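Review bot: In the encrypt_password hunk the unchanged context line `iv = ''.join(chr(randint(0, 0xff)) for i in range(16))` builds the CBC IV from `randint`, which, if it is the `random` module's function, is a predictable generator rather than a cryptographic source. CBC needs an unpredictable IV, and `iv = os.urandom(16)` provides one in a single call (it needs `import os` if utils.py does not already have it). The key-length `assert` in the same hunk is skipped under `python -O`; an explicit `if len(key) != 32: raise ValueError(...)` would keep the check in place. This commit touches neither line, and the function body starts and ends outside the hunk.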
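Review bot: `ensure_utf8` in the last hunk has no docstring, and its name promises more than the body checks: only `unicode` is encoded, so a byte `str` that is not valid UTF-8, or a non-string such as `None`, is returned unchanged. Its result is passed straight to `g.ldap.auth` and into the AES encryptor in the other hunks, so the contract should be written down, e.g. `"""Encode unicode to UTF-8 bytes; any other value is returned unchanged and is not validated."""`. If callers are meant to rely on valid UTF-8, the byte-string branch would need an explicit `s.decode('utf8')` check that raises on bad input.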