Merge remote branch 'origin/master' into bug261-resized-filenames

[mediagoblin.git] / mediagoblin / auth / lib.py

diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index cf4a2b8331557f8e20b93c35fafebc26cbab5141..ddb58fe61eec606b578b19cfc7cd5b7c1d6db77a 100644 (file)
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -1,5 +1,5 @@
 # GNU MediaGoblin -- federated, autonomous media hosting
-# Copyright (C) 2011 MediaGoblin contributors.  See AUTHORS.
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -42,7 +42,7 @@ def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    hashed_pass = bcrypt.hashpw(raw_pass, stored_hash)
+    hashed_pass = bcrypt.hashpw(raw_pass.encode('utf-8'), stored_hash)
 
     # Reduce risk of timing attacks by hashing again with a random
     # number (thx to zooko on this advice, which I hopefully
@@ -68,7 +68,8 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None):
     if extra_salt:
         raw_pass = u"%s:%s" % (extra_salt, raw_pass)
 
-    return unicode(bcrypt.hashpw(raw_pass, bcrypt.gensalt()))
+    return unicode(
+        bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt()))
 
 
 def fake_login_attempt():
@@ -105,17 +106,17 @@ def send_verification_email(user, request):
     """
     rendered_email = render_template(
         request, 'mediagoblin/auth/verification_email.txt',
-        {'username': user['username'],
+        {'username': user.username,
          'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
                 host=request.host,
                 uri=request.urlgen('mediagoblin.auth.verify_email'),
                 userid=unicode(user._id),
-                verification_key=user['verification_key'])})
+                verification_key=user.verification_key)})
 
     # TODO: There is no error handling in place
     send_email(
         mg_globals.app_config['email_sender_address'],
-        [user['email']],
+        [user.email],
         # TODO
         # Due to the distributed nature of GNU MediaGoblin, we should
         # find a way to send some additional information about the
@@ -140,16 +141,16 @@ def send_fp_verification_email(user, request):
     """
     rendered_email = render_template(
         request, 'mediagoblin/auth/fp_verification_email.txt',
-        {'username': user['username'],
+        {'username': user.username,
          'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
                 host=request.host,
                 uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
                 userid=unicode(user._id),
-                fp_verification_key=user['fp_verification_key'])})
+                fp_verification_key=user.fp_verification_key)})
 
     # TODO: There is no error handling in place
     send_email(
         mg_globals.app_config['email_sender_address'],
-        [user['email']],
+        [user.email],
         'GNU MediaGoblin - Change forgotten password!',
         rendered_email)