FIX: Allow unicode in username and groups.

main.go

@@ -238,6 +238,7 @@ func redirectIfNoCookie(handler http.Handler, r *http.Request, w http.ResponseWr
 		expiration := time.Now().Add(reauthorizeInterval)
 
 		cookieData := strings.Join([]string{username, strings.Join(groups, "|"), user_id}, ",")
+		cookieData = url.QueryEscape(cookieData)
 		http.SetCookie(w, &http.Cookie{
 			Name:     cookieName,
 			Value:    signCookie(cookieData, config.CookieSecret),
@@ -298,6 +299,10 @@ func parseCookie(data, secret string) (username string, groups string, user_id s
 		err = fmt.Errorf("Expecting signature to match")
 		return
 	} else {
+		parsed, err = url.QueryUnescape(parsed)
+		if err != nil {
+			return
+		}
 		splitted := strings.Split(parsed, ",")
 		username = splitted[0]
 		groups = splitted[1]

main_test.go

@@ -214,6 +214,16 @@ func TestValidPayloadWithoutUserID(t *testing.T) {
 	assert.Equal(t, user_id, "")
 }
 
+func TestValidPayloadWithUnicode(t *testing.T) {
+	signed := signCookie("用户名,群组,2", "secretfoo")
+	username, group, user_id, parseError := parseCookie(signed, "secretfoo")
+
+	assert.NoError(t, parseError)
+	assert.Equal(t, username, "用户名")
+	assert.Equal(t, group, "群组")
+	assert.Equal(t, user_id, "2")
+}
+
 func TestNotWhitelistedPath(t *testing.T) {
 	c := NewTestConfig()
 	c.Whitelist = ""