Make sure to properly handle unicode passwords

Fix & test for #1891

src/octoprint/users.py

@@ -18,7 +18,7 @@ from builtins import range, bytes
 
 from octoprint.settings import settings
 
-from octoprint.util import atomic_write
+from octoprint.util import atomic_write, to_str
 
 class UserManager(object):
 	valid_roles = ["user", "admin"]
@@ -114,7 +114,7 @@ class UserManager(object):
 				settings().set(["accessControl", "salt"], salt)
 				settings().save()
 
-		return hashlib.sha512(password + salt).hexdigest()
+		return hashlib.sha512(to_str(password, encoding="utf-8", errors="replace") + to_str(salt)).hexdigest()
 
 	def checkPassword(self, username, password):
 		user = self.findUser(username)

tests/users/test_usermanager.py

@@ -0,0 +1,24 @@
+# coding=utf-8
+"""
+Unit tests for octoprint.users.UserManager
+"""
+
+__license__ = 'GNU Affero General Public License http://www.gnu.org/licenses/agpl.html'
+__copyright__ = "Copyright (C) 2017 The OctoPrint Project - Released under terms of the AGPLv3 License"
+
+import unittest
+import ddt
+
+import octoprint.users
+
+@ddt.ddt
+class UserManagerTest(unittest.TestCase):
+
+	def test_createPasswordHash_nonascii(self):
+		"""Test for issue #1891"""
+
+		password = u"password with ümläutß"
+		salt = "abc"
+
+		# should not throw an exception
+		octoprint.users.UserManager.createPasswordHash(password, salt=salt)