Merge pull request #19132 from edx/ddumesnil/normalize-fix

Ensuring password to be normalized is unicode. Fixing issue with third party authenticated passwords being unicode. We used to create them as strings.

common/djangoapps/util/password_policy_validators.py

@@ -91,9 +91,17 @@ def password_validators_restrictions():
 
 def normalize_password(password):
     """
+    Converts the password to utf-8 if it is not unicode already.
     Normalize all passwords to 'NFKC' across the platform to prevent mismatched hash strings when comparing entered
     passwords on login. See LEARNER-4283 for more context.
     """
+    if not isinstance(password, text_type):
+        try:
+            # some checks rely on unicode semantics (e.g. length)
+            password = text_type(password, encoding='utf8')
+        except UnicodeDecodeError:
+            # no reason to get into weeds
+            raise ValidationError([_('Invalid password.')])
     return unicodedata.normalize('NFKC', password)
 
 
@@ -101,7 +109,7 @@ def validate_password(password, user=None):
     """
     EdX's custom password validator for passwords. This function performs the
     following functions:
-        1) Converts the password to unicode if it is not already
+        1) Normalizes the password according to NFKC unicode standard
         2) Calls Django's validate_password method. This calls the validate function
             in all validators specified in AUTH_PASSWORD_VALIDATORS configuration.
 
@@ -114,8 +122,7 @@ def validate_password(password, user=None):
         None
 
     Raises:
-        ValidationError if unable to convert password to utf8 or if any of the
-        password validators fail.
+        ValidationError if any of the password validators fail.
     """
     if not isinstance(password, text_type):
         try:

openedx/core/djangoapps/user_api/accounts/utils.py

@@ -1,6 +1,8 @@
 """
 Utility methods for the account settings.
 """
+from __future__ import unicode_literals
+
 import random
 import re
 import string