Add support for wide characters in passwords.

The crypt function cannot handle most wide (Unicode) characters,
but does handle some by attempting to downgrade to an 8-bit string.

In order to support wide characters in passwords while not breaking
any passwords which worked before this change, a password will be
encoded into UTF-8 before being sent to crypt only when crypt dies
on the original string.

Author: taniwallach

lib/WeBWorK/Authen.pm

@@ -633,8 +633,15 @@ sub checkPassword {
 	my $Password = $db->getPassword($userID);
 	if (defined $Password) {
 		# Check against the password in the database.
-		my $possibleCryptPassword = crypt $possibleClearPassword, $Password->password;
-		my $dbPassword            = $Password->password;
+		my $possibleCryptPassword = '';
+		# Wrap crypt in an eval to catch any "Wide character in crypt" errors.
+		# When such an error occurs - try to encode to UTF-8 and they run crypt.
+		eval { $possibleCryptPassword = crypt $possibleClearPassword, $Password->password; };
+		if ($@ && $@ =~ /Wide char/) {
+			$possibleCryptPassword = crypt Encode::encode_utf8($possibleClearPassword), $Password->password;
+		}
+
+		my $dbPassword = $Password->password;
 		# This next line explicitly insures that blank or null passwords from the database can never succeed in matching
 		# an entered password.  This also rejects cases when the database has a crypted password which matches a
 		# submitted all white-space or null password by requiring that the $possibleClearPassword contain some non-space

lib/WeBWorK/ContentGenerator/Options.pm

@@ -56,7 +56,16 @@ sub initialize ($c) {
 				$userID ne $effectiveUserID ? eval { $db->getPassword($c->{effectiveUser}->user_id) } : $password;
 
 			# Check that either password is not defined or if it is defined then we have the right one.
-			if (!defined $password || crypt($currP // '', $password->password) eq $password->password) {
+			my $cryptedCurrP;
+			if (defined $password) {
+				# Wrap crypt in an eval to catch any "Wide character in crypt" errors.
+				# If crypt fails due to a wide character, encode to UTF-8 before calling crypt.
+				eval { $cryptedCurrP = crypt($currP // '', $password->password); };
+				if ($@ && $@ =~ /Wide char/) {
+					$cryptedCurrP = crypt(Encode::encode_utf8($currP), $password->password);
+				}
+			}
+			if (!defined $password || $cryptedCurrP eq $password->password) {
 				my $e_user_name = $c->{effectiveUser}->first_name . ' ' . $c->{effectiveUser}->last_name;
 				if ($newP eq $confirmP) {
 					if (!defined $effectiveUserPassword) {

lib/WeBWorK/Utils.pm

@@ -151,7 +151,18 @@ sub cryptPassword ($clearPassword) {
 		$salt .= ('.', '/', '0' .. '9', 'A' .. 'Z', 'a' .. 'z')[ rand 64 ];
 	}
 
-	return crypt(trim_spaces($clearPassword), $salt);
+	# crypt does not support much beyond ASCII and fails on most wide
+	# characters. Work around this without changing behavior whenever
+	# crypt works as-is, so as not to break existing passwords which
+	# worked before the change.
+	my $cryptedPassword = '';
+	eval { $cryptedPassword = crypt(trim_spaces($clearPassword), $salt); };
+	if ($@ && $@ =~ /Wide char/) {
+		# Try to encode to UTF-8 and they run crypt
+		$cryptedPassword = crypt(Encode::encode_utf8(trim_spaces($clearPassword)), $salt);
+	}
+
+	return $cryptedPassword;
 }
 
 sub undefstr ($default, @values) {