From 20a3e278bc237a4e23606cc2fc2f800f6a8dbc25 Mon Sep 17 00:00:00 2001
From: Derek Moore <derek.k.moore@gmail.com>
Date: Mon, 12 Mar 2012 16:02:42 -0700
Subject: [PATCH] Changes for 293.  Tests pass, encode UTF8 on password on
 registration (and also for subsequent logins once the user is created) is
 working.

---
 mediagoblin/auth/lib.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 1136a252..ddb58fe6 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
+    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
 
     # Reduce risk of timing attacks by hashing again with a random
     # number (thx to zooko on this advice, which I hopefully
@@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
+    return unicode(
+        bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
 
 
 def fake_login_attempt():