--- a/kallithea/controllers/api/api.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/controllers/api/api.py	Tue Jun 13 01:11:31 2017 +0200
@@ -599,7 +599,7 @@
 
     @HasPermissionAnyDecorator('hg.admin')
     def create_user(self, username, email, password=Optional(''),
-                    firstname=Optional(''), lastname=Optional(''),
+                    firstname=Optional(u''), lastname=Optional(u''),
                     active=Optional(True), admin=Optional(False),
                     extern_type=Optional(User.DEFAULT_AUTH_TYPE),
                     extern_name=Optional('')):
@@ -852,7 +852,7 @@
         ]
 
     @HasPermissionAnyDecorator('hg.admin', 'hg.usergroup.create.true')
-    def create_user_group(self, group_name, description=Optional(''),
+    def create_user_group(self, group_name, description=Optional(u''),
                           owner=Optional(OAttr('apiuser')), active=Optional(True)):
         """
         Creates new user group. This command can be executed only using api_key
@@ -2523,7 +2523,7 @@
         return pull_request.get_api_data()
 
     # permission check inside
-    def comment_pullrequest(self, pull_request_id, comment_msg='', status=None, close_pr=False):
+    def comment_pullrequest(self, pull_request_id, comment_msg=u'', status=None, close_pr=False):
         """
         Add comment, close and change status of pull request.
         """

--- a/kallithea/model/pull_request.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/model/pull_request.py	Tue Jun 13 01:11:31 2017 +0200
@@ -130,6 +130,8 @@
 
     def remove_reviewers(self, user, pull_request, reviewers):
         """Remove specified users from being reviewers of the PR."""
+        if not reviewers:
+            return # avoid SQLAlchemy warning about empty sequence for IN-predicate
 
         PullRequestReviewer.query() \
             .filter_by(pull_request=pull_request) \

--- a/kallithea/tests/api/api_base.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/tests/api/api_base.py	Tue Jun 13 01:11:31 2017 +0200
@@ -2510,7 +2510,7 @@
         self._compare_error(id_, expected, given=response.body)
 
     def test_api_get_pullrequest(self):
-        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, 'get test')
+        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, u'get test')
         random_id = random.randrange(1, 9999)
         params = json.dumps({
             "id": random_id,
@@ -2541,7 +2541,7 @@
                                       "2000-01-01T00:00:00.000", response.body))
 
     def test_api_close_pullrequest(self):
-        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, 'close test')
+        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, u'close test')
         random_id = random.randrange(1, 9999)
         params = json.dumps({
             "id": random_id,
@@ -2557,7 +2557,7 @@
         assert pullrequest.is_closed() == True
 
     def test_api_status_pullrequest(self):
-        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, "status test")
+        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, u"status test")
 
         random_id = random.randrange(1, 9999)
         params = json.dumps({
@@ -2582,7 +2582,7 @@
         assert ChangesetStatus.STATUS_APPROVED == ChangesetStatusModel().calculate_pull_request_result(pullrequest)[2]
 
     def test_api_comment_pullrequest(self):
-        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, "comment test")
+        pull_request_id = fixture.create_pullrequest(self, self.REPO, self.TEST_PR_SRC, self.TEST_PR_DST, u"comment test")
         random_id = random.randrange(1, 9999)
         params = json.dumps({
             "id": random_id,

--- a/kallithea/tests/fixture.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/tests/fixture.py	Tue Jun 13 01:11:31 2017 +0200
@@ -325,7 +325,7 @@
         Session().commit()
         return csm
 
-    def create_pullrequest(self, testcontroller, repo_name, pr_src_rev, pr_dst_rev, title='title'):
+    def create_pullrequest(self, testcontroller, repo_name, pr_src_rev, pr_dst_rev, title=u'title'):
         org_ref = 'branch:stable:%s' % pr_src_rev
         other_ref = 'branch:default:%s' % pr_dst_rev
         with test_context(testcontroller.app): # needed to be able to mock request user
@@ -335,7 +335,7 @@
             request.authuser = request.user = AuthUser(dbuser=owner_user)
             # creating a PR sends a message with an absolute URL - without routing that requires mocking
             with mock.patch.object(helpers, 'url', (lambda arg, qualified=False, **kwargs: ('https://localhost' if qualified else '') + '/fake/' + arg)):
-                cmd = CreatePullRequestAction(org_repo, other_repo, org_ref, other_ref, title, 'No description', owner_user, reviewers)
+                cmd = CreatePullRequestAction(org_repo, other_repo, org_ref, other_ref, title, u'No description', owner_user, reviewers)
                 pull_request = cmd.execute()
             Session().commit()
         return pull_request.pull_request_id

--- a/kallithea/tests/functional/test_admin_repo_groups.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/tests/functional/test_admin_repo_groups.py	Tue Jun 13 01:11:31 2017 +0200
@@ -11,7 +11,7 @@
 
     def test_case_insensitivity(self):
         self.log_user()
-        group_name = 'newgroup'
+        group_name = u'newgroup'
         response = self.app.post(url('repos_groups'),
                                  fixture._get_repo_group_create_params(group_name=group_name,
                                                                  _authentication_token=self.authentication_token()))

--- a/kallithea/tests/models/test_permissions.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/tests/models/test_permissions.py	Tue Jun 13 01:11:31 2017 +0200
@@ -52,6 +52,9 @@
         UserModel().delete(self.u2)
         UserModel().delete(self.u3)
         UserModel().delete(self.a1)
+
+        Session().commit() # commit early to avoid SQLAlchemy warning from double cascade delete to users_groups_members
+
         if hasattr(self, 'g1'):
             RepoGroupModel().delete(self.g1.group_id)
         if hasattr(self, 'g2'):

--- a/kallithea/tests/other/test_auth_ldap.py	Sun Jun 11 15:02:09 2017 +0200
+++ b/kallithea/tests/other/test_auth_ldap.py	Tue Jun 13 01:11:31 2017 +0200
@@ -21,8 +21,8 @@
         pass
 
     def authenticate_ldap(self, username, password):
-        return 'spam dn', dict(test_ldap_firstname=['spam ldap first name'],
-                               test_ldap_lastname=['spam ldap last name'],
+        return 'spam dn', dict(test_ldap_firstname=[u'spam ldap first name'],
+                               test_ldap_lastname=[u'spam ldap last name'],
                                test_ldap_email=['spam ldap email'])
 
 
@@ -38,8 +38,8 @@
     user_input = dict(username='test-user-{0}'.format(uniqifier),
                       password='spam password',
                       email='spam-email-{0}'.format(uniqifier),
-                      firstname='spam first name',
-                      lastname='spam last name',
+                      firstname=u'spam first name',
+                      lastname=u'spam last name',
                       active=True,
                       admin=False)
     user = create_test_user(user_input)
@@ -53,14 +53,14 @@
     # Verify that authenication succeeded and retrieved correct attributes
     # from LDAP.
     assert user_data is not None
-    assert user_data.get('firstname') == 'spam ldap first name'
-    assert user_data.get('lastname') == 'spam ldap last name'
+    assert user_data.get('firstname') == u'spam ldap first name'
+    assert user_data.get('lastname') == u'spam ldap last name'
     assert user_data.get('email') == 'spam ldap email'
 
     # Verify that authentication overwrote user attributes with the ones
     # retrieved from LDAP.
-    assert user.firstname == 'spam ldap first name'
-    assert user.lastname == 'spam ldap last name'
+    assert user.firstname == u'spam ldap first name'
+    assert user.lastname == u'spam ldap last name'
     assert user.email == 'spam ldap email'
 
 
@@ -82,16 +82,16 @@
     # Verify that authenication succeeded and retrieved correct attributes
     # from LDAP.
     assert user_data is not None
-    assert user_data.get('firstname') == 'spam ldap first name'
-    assert user_data.get('lastname') == 'spam ldap last name'
+    assert user_data.get('firstname') == u'spam ldap first name'
+    assert user_data.get('lastname') == u'spam ldap last name'
     assert user_data.get('email') == 'spam ldap email'
 
     # Verify that authentication created new user with attributes
     # retrieved from LDAP.
     new_user = User.get_by_username(username)
     assert new_user is not None
-    assert new_user.firstname == 'spam ldap first name'
-    assert new_user.lastname == 'spam ldap last name'
+    assert new_user.firstname == u'spam ldap first name'
+    assert new_user.lastname == u'spam ldap last name'
     assert new_user.email == 'spam ldap email'
 
 
@@ -125,14 +125,14 @@
     # Verify that authenication succeeded and retrieved correct attributes
     # from LDAP, with empty email.
     assert user_data is not None
-    assert user_data.get('firstname') == 'spam ldap first name'
-    assert user_data.get('lastname') == 'spam ldap last name'
+    assert user_data.get('firstname') == u'spam ldap first name'
+    assert user_data.get('lastname') == u'spam ldap last name'
     assert user_data.get('email') == ''
 
     # Verify that authentication created new user with attributes
     # retrieved from LDAP, with email == None.
     new_user = User.get_by_username(username)
     assert new_user is not None
-    assert new_user.firstname == 'spam ldap first name'
-    assert new_user.lastname == 'spam ldap last name'
+    assert new_user.firstname == u'spam ldap first name'
+    assert new_user.lastname == u'spam ldap last name'
     assert new_user.email is None