Ejemplo n.º 1
0
def index(request):
    """
  the page from which one chooses how to log in.
  """

    user = get_user(request)

    # single auth system?
    if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
        return HttpResponseRedirect(
            reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]]) +
            '?return_url=' + request.GET.get('return_url', ''))

    #if auth.DEFAULT_AUTH_SYSTEM and not user:
    #  return HttpResponseRedirect(reverse(start, args=[auth.DEFAULT_AUTH_SYSTEM])+ '?return_url=' + request.GET.get('return_url', ''))

    default_auth_system_obj = None
    if auth.DEFAULT_AUTH_SYSTEM:
        default_auth_system_obj = AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]

    #form = password.LoginForm()

    return render_template(
        request, 'index', {
            'return_url': request.GET.get('return_url', '/'),
            'enabled_auth_systems': auth.ENABLED_AUTH_SYSTEMS,
            'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
            'default_auth_system_obj': default_auth_system_obj
        })
Ejemplo n.º 2
0
def voters_list_pretty(request, election):
  """
  Show the list of voters
  """
  after = request.GET.get('after', None)
  offset= int(request.GET.get('offset', 0))
  limit = int(request.GET.get('limit', 50))
  
  order_by = 'voter_id'

  user = get_user(request)
  admin_p = user and (user == election.admin)  
  
  # files being processed
  voter_files = election.voterfile_set.all()

  # load a bunch of voters
  voters = Voter.get_by_election(election, after=after, limit=limit+1, order_by=order_by)
    
  more_p = len(voters) > limit
  if more_p:
    voters = voters[0:limit]
    next_after = getattr(voters[limit-1], order_by)
  else:
    next_after = None
    
  return render_template(request, 'voters_list', {'election': election, 'voters': voters, 'admin_p': admin_p, 
                                                  'next_after': next_after, 'email_voters': helios.VOTERS_EMAIL,
                                                  'offset': offset, 'limit': limit, 'offset_plus_one': offset+1,
                                                  'offset_plus_limit': offset+min(limit,len(voters)),
                                                  'upload_p': helios.VOTERS_UPLOAD,
                                                  'voter_files': voter_files})
Ejemplo n.º 3
0
def index(request):
  """
  the page from which one chooses how to log in.
  """
  
  user = get_user(request)

  # single auth system?
  if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
    return HttpResponseRedirect(reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]])+ '?return_url=' + request.GET.get('return_url', ''))

  #if auth.DEFAULT_AUTH_SYSTEM and not user:
  #  return HttpResponseRedirect(reverse(start, args=[auth.DEFAULT_AUTH_SYSTEM])+ '?return_url=' + request.GET.get('return_url', ''))
  
  default_auth_system_obj = None
  if auth.DEFAULT_AUTH_SYSTEM:
    default_auth_system_obj = auth_systems.AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]

  form = password.LoginForm()

  return render_template(request,'index', {'return_url' : request.GET.get('return_url', '/'),
                                           'enabled_auth_systems' : auth.ENABLED_AUTH_SYSTEMS,
                                           'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
                                           'default_auth_system_obj': default_auth_system_obj,
                                           'form' : form})
Ejemplo n.º 4
0
def one_election_view(request, election):
  user = get_user(request)
  admin_p = user and (user == election.admin)
  
  notregistered = False
  
  eligible_p = True
  
  if user:
    voter = Voter.get_by_election_and_user(election, user)
    
    if voter:
      # cast any votes?
      votes = CastVote.get_by_election_and_voter(election, voter)
    else:
      eligible_p = _check_eligibility(election, user)
      votes = None
      notregistered = True
  else:
    voter = None
    votes = None
    
  trustees = Trustee.get_by_election(election)
    
  return render_template(request, 'election_view', {'election' : election, 'trustees': trustees, 'admin_p': admin_p, 'user': user, 'voter': voter, 'votes': votes, 'notregistered': notregistered, 'email_voters': helios.VOTERS_EMAIL, 'eligible_p': eligible_p})
Ejemplo n.º 5
0
def voters_eligibility(request, election):
  """
  set eligibility for voters
  """
  user = get_user(request)

  if request.method == "GET":
    # this shouldn't happen, only POSTs
    return HttpResponseRedirect("/")

  # for now, private elections cannot change eligibility
  if election.private_p:
    return HttpResponseRedirect(reverse(voters_list_pretty, args=[election.uuid]))

  # eligibility
  eligibility = request.POST['eligibility']

  if eligibility in ['openreg', 'limitedreg']:
    election.openreg= True

  if eligibility == 'closedreg':
    election.openreg= False

  if eligibility == 'limitedreg':
    # now process the constraint
    category_id = request.POST['category_id']

    constraint = AUTH_SYSTEMS[user.user_type].generate_constraint(category_id, user)
    election.eligibility = [{'auth_system': user.user_type, 'constraint': [constraint]}]
  else:
    election.eligibility = None

  election.save()
  return HttpResponseRedirect(reverse(voters_list_pretty, args=[election.uuid]))
Ejemplo n.º 6
0
def home(request):
  user = get_user(request)
  if user:
    elections = Election.get_by_user_as_admin(user, archived_p = False)
  else:
    elections = []

  return render_template(request, "index", {'elections' : elections})
Ejemplo n.º 7
0
def elections_administered(request):
  if not can_create_election(request):
    return HttpResponseForbidden('only an administrator has elections to administer')

  user = get_user(request)
  elections = Election.get_by_user_as_admin(user)

  return render_template(request, "elections_administered", {'elections': elections})
Ejemplo n.º 8
0
def stats(request):
  user = get_user(request)
  if not user or not user.admin_p:
    raise PermissionDenied()

  elections = Election.objects.all().order_by('-created_at')[:25]

  return render_template(request, "stats", {'elections' : elections})
Ejemplo n.º 9
0
def voters_list_pretty(request, election):
  """
  Show the list of voters
  now using Django pagination
  """

  # for django pagination support
  page = int(request.GET.get('page', 1))
  limit = int(request.GET.get('limit', 50))
  q = request.GET.get('q','')
  
  order_by = 'user__user_id'

  # unless it's by alias, in which case we better go by UUID
  if election.use_voter_aliases:
    order_by = 'alias'

  user = get_user(request)
  admin_p = security.user_can_admin_election(user, election)

  categories = None
  eligibility_category_id = None

  try:
    from auth.auth_systems import can_list_categories
    if admin_p and can_list_categories(user.user_type):
      categories = AUTH_SYSTEMS[user.user_type].list_categories(user)
      eligibility_category_id = election.eligibility_category_id(user.user_type)
  except AuthenticationExpired:
    return user_reauth(request, user)
  
  # files being processed
  voter_files = election.voterfile_set.all()

  # load a bunch of voters
  # voters = Voter.get_by_election(election, order_by=order_by)
  voters = Voter.objects.filter(election = election).order_by(order_by).defer('vote')

  if q != '':
    if election.use_voter_aliases:
      voters = voters.filter(alias__icontains = q)
    else:
      voters = voters.filter(voter_name__icontains = q)

  voter_paginator = Paginator(voters, limit)
  voters_page = voter_paginator.page(page)

  total_voters = voter_paginator.count
    
  return render_template(request, 'voters_list', 
                         {'election': election, 'voters_page': voters_page,
                          'voters': voters_page.object_list, 'admin_p': admin_p, 
                          'email_voters': helios.VOTERS_EMAIL,
                          'limit': limit, 'total_voters': total_voters,
                          'upload_p': helios.VOTERS_UPLOAD, 'q' : q,
                          'voter_files': voter_files,
                          'categories': categories,
                          'eligibility_category_id' : eligibility_category_id})
Ejemplo n.º 10
0
def can_create_election(request):
    user = get_user(request)
    if not user:
        return False

    if helios.ADMIN_ONLY:
        return user.admin_p
    else:
        return user != None
Ejemplo n.º 11
0
def can_create_election(request):
    user = get_user(request)
    if not user:
        return False

    if helios.ADMIN_ONLY:
        return user.admin_p
    else:
        return user != None
Ejemplo n.º 12
0
def one_election_view(request, election):
  user = get_user(request)
  admin_p = security.user_can_admin_election(user, election)
  can_feature_p = security.user_can_feature_election(user, election)
  
  notregistered = False
  eligible_p = True
  
  election_url = get_election_url(election)
  status_update_message = None

  vote_url = "%s/booth/vote.html?%s" % (settings.SECURE_URL_HOST, urllib.urlencode({'election_url' : reverse(one_election, args=[election.uuid])}))

  test_cookie_url = "%s?%s" % (reverse(test_cookie), urllib.urlencode({'continue_url' : vote_url}))
  
  if user:
    voter = Voter.get_by_election_and_user(election, user)
    
    if voter:
      # cast any votes?
      votes = CastVote.get_by_voter(voter)
    else:
      eligible_p = _check_eligibility(election, user)
      votes = None
      notregistered = True
  else:
    voter = None
    votes = None

  # status update message?
  if election.openreg:
    if election.voting_has_started:
      status_update_message = u"Vote in %s" % election.name
    else:
      status_update_message = u"Register to vote in %s" % election.name

  # result!
  if election.result:
    status_update_message = u"Results are in for %s" % election.name
  
  # a URL for the social buttons
  socialbuttons_url = None
  if status_update_message:
    socialbuttons_url = "%s%s?%s" % (settings.SOCIALBUTTONS_URL_HOST,
                                     reverse(socialbuttons),
                                     urllib.urlencode({
          'url' : election_url,
          'text': status_update_message.encode('utf-8')
          }))

  trustees = Trustee.get_by_election(election)
    
  return render_template(request, 'election_view',
                         {'election' : election, 'trustees': trustees, 'admin_p': admin_p, 'user': user,
                          'voter': voter, 'votes': votes, 'notregistered': notregistered, 'eligible_p': eligible_p,
                          'can_feature_p': can_feature_p, 'election_url' : election_url, 'vote_url': vote_url,
                          'test_cookie_url': test_cookie_url, 'socialbuttons_url' : socialbuttons_url})
Ejemplo n.º 13
0
        def election_admin_wrapper(request, election_uuid=None, *args, **kw):
            election = get_election_by_uuid(election_uuid)

            user = get_user(request)
            if not user_can_admin_election(user, election):
                raise PermissionDenied()

            # do checks
            do_election_checks(election, checks)

            return func(request, election, *args, **kw)
Ejemplo n.º 14
0
def one_election_cast(request, election):
  """
  on a GET, this is a cancellation, on a POST it's a cast
  """
  if request.method == "GET":
    return HttpResponseRedirect(reverse(one_election_view, args = [election.uuid]))
    
  user = get_user(request)    
  encrypted_vote = request.POST['encrypted_vote']
  request.session['encrypted_vote'] = encrypted_vote
  return HttpResponseRedirect(reverse(one_election_cast_confirm, args=[election.uuid]))
Ejemplo n.º 15
0
        def election_admin_wrapper(request, election_uuid=None, *args, **kw):
            election = get_election_by_uuid(election_uuid)

            user = get_user(request)
            if not user_can_admin_election(user, election):
                raise PermissionDenied()

            # do checks
            do_election_checks(election, checks)

            return func(request, election, *args, **kw)
Ejemplo n.º 16
0
def one_election_set_result_and_proof(request, election):
  if not election.tallied:
    return HttpResponseRedirect(reverse(one_election_view,args=[election.election_id]))

  # FIXME: check csrf
  election.result = utils.from_json(request.POST['result'])
  election.result_proof = utils.from_json(request.POST['result_proof'])
  election.save()

  if get_user(request):
    return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
  else:
    return SUCCESS
Ejemplo n.º 17
0
def one_election_cast(request, election):
  """
  on a GET, this is a cancellation, on a POST it's a cast
  """
  if request.method == "GET":
    return HttpResponseRedirect("%s%s" % (settings.URL_HOST, reverse(one_election_view, args = [election.uuid])))

  user = get_user(request)
  encrypted_vote = request.POST['encrypted_vote']

  save_in_session_across_logouts(request, 'encrypted_vote', encrypted_vote)

  return HttpResponseRedirect("%s%s" % (settings.SECURE_URL_HOST, reverse(one_election_cast_confirm, args=[election.uuid])))
Ejemplo n.º 18
0
def one_election_register(request, election):
  if not election.openreg:
    return HttpResponseForbidden('registration is closed for this election')

  check_csrf(request)

  user = get_user(request)
  voter = Voter.get_by_election_and_user(election, user)

  if not voter:
    voter = _register_voter(election, user)

  return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
Ejemplo n.º 19
0
def one_election_cast_done(request, election):
  user = get_user(request)
  voter = Voter.get_by_election_and_user(election, user)
  votes = CastVote.get_by_election_and_voter(election, voter)

  logout = settings.LOGOUT_ON_CONFIRMATION
  
  #if logout:
  #  request.session.flush()
    
  # we suppress the user information because we're claiming logout, even though
  # logout is happening asynchronously in an iframe to be modular given the logout mechanism
  return render_template(request, 'cast_done', {'election': election, 'last_vote': votes[0], 'logout': logout}, include_user=False)
Ejemplo n.º 20
0
def render_template(request, template_name, vars = {}):
  t = loader.get_template(template_name + '.html')
  
  vars_with_user = vars.copy()
  vars_with_user['user'] = get_user(request)
  vars_with_user['settings'] = settings
  vars_with_user['CURRENT_URL'] = request.path
  
  # csrf protection
  if request.session.has_key('csrf_token'):
    vars_with_user['csrf_token'] = request.session['csrf_token']
  
  return render_to_response('server_ui/templates/%s.html' % template_name, vars_with_user)
Ejemplo n.º 21
0
def user_can_see_election(request, election):
  user = get_user(request)

  if not election.private_p:
    return True

  # election is private
  
  # but maybe this user is the administrator?
  if user_can_admin_election(user, election):
    return True

  # then this user has to be a voter
  return (get_voter(request, user, election) != None)
Ejemplo n.º 22
0
def one_election_set_result_and_proof(request, election):
  if election.tally_type != "homomorphic" or election.encrypted_tally == None:
    return HttpResponseRedirect(reverse(one_election_view,args=[election.election_id]))

  # FIXME: check csrf
  
  election.result = utils.from_json(request.POST['result'])
  election.result_proof = utils.from_json(request.POST['result_proof'])
  election.save()

  if get_user(request):
    return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
  else:
    return SUCCESS
Ejemplo n.º 23
0
def render_template(request, template_name, vars={}):
    t = loader.get_template(template_name + '.html')

    vars_with_user = vars.copy()
    vars_with_user['user'] = get_user(request)
    vars_with_user['settings'] = settings
    vars_with_user['CURRENT_URL'] = request.path

    # csrf protection
    if request.session.has_key('csrf_token'):
        vars_with_user['csrf_token'] = request.session['csrf_token']

    return render_to_response('server_ui/templates/%s.html' % template_name,
                              vars_with_user)
Ejemplo n.º 24
0
def one_election_cast_done(request, election):
  user = get_user(request)
  voter = Voter.get_by_election_and_user(election, user)
  votes = CastVote.get_by_voter(voter)

  logout = settings.LOGOUT_ON_CONFIRMATION
  
  # local logout ensures that there's no more
  # user locally
  if logout:
    auth_views.do_local_logout(request)
    
  # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
  return render_template(request, 'cast_done', {'election': election, 'last_vote': votes[0], 'logout': logout})
Ejemplo n.º 25
0
def stats(request):
  user = get_user(request)
  if not user or not user.admin_p:
    raise PermissionDenied()

  page = int(request.GET.get('page', 1))
  limit = int(request.GET.get('limit', 25))

  elections = Election.objects.all().order_by('-created_at')
  elections_paginator = Paginator(elections, limit)
  elections_page = elections_paginator.page(page)

  return render_template(request, "stats", {'elections' : elections_page.object_list, 'elections_page': elections_page,
                                            'limit' : limit})
Ejemplo n.º 26
0
def one_election_set_featured(request, election):
  """
  Set whether this is a featured election or not
  """

  user = get_user(request)
  if not security.user_can_feature_election(user, election):
    raise PermissionDenied()

  featured_p = bool(int(request.GET['featured_p']))
  election.featured_p = featured_p
  election.save()

  return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
Ejemplo n.º 27
0
def one_election_freeze(request, election):
  # figure out the number of questions and trustees
  issues = election.issues_before_freeze

  if request.method == "GET":
    return render_template(request, 'election_freeze', {'election': election, 'issues' : issues, 'issues_p' : len(issues) > 0})
  else:
    check_csrf(request)

    election.freeze()

    if get_user(request):
      return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
    else:
      return SUCCESS
Ejemplo n.º 28
0
def prepare_vars(request, vars):
  vars_with_user = vars.copy()
  
  if request:
    vars_with_user['user'] = get_user(request)
    vars_with_user['csrf_token'] = request.session['csrf_token']
    vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
    
  vars_with_user['STATIC'] = '/static/auth'
  vars_with_user['MEDIA_URL'] = '/static/auth/'
  vars_with_user['TEMPLATE_BASE'] = auth.TEMPLATE_BASE
  
  vars_with_user['settings'] = settings
  
  return vars_with_user
Ejemplo n.º 29
0
def prepare_vars(request, vars):
  vars_with_user = vars.copy()
  vars_with_user['user'] = get_user(request)
  
  # csrf protection
  if request.session.has_key('csrf_token'):
    vars_with_user['csrf_token'] = request.session['csrf_token']
    
  vars_with_user['utils'] = utils
  vars_with_user['settings'] = settings
  vars_with_user['HELIOS_STATIC'] = '/static/helios/helios'
  vars_with_user['TEMPLATE_BASE'] = helios.TEMPLATE_BASE
  vars_with_user['CURRENT_URL'] = request.path
  
  return vars_with_user
Ejemplo n.º 30
0
def one_election_archive(request, election, admin, api_client):
  
  archive_p = request.GET.get('archive_p', True)
  
  if bool(int(archive_p)):
    election.archived_at = datetime.datetime.utcnow()
  else:
    election.archived_at = None
    
  storage.election_update(election)

  if get_user(request):
    return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
  else:
    return SUCCESS
Ejemplo n.º 31
0
def prepare_vars(request, vars):
    vars_with_user = vars.copy()
    vars_with_user['user'] = get_user(request)

    # csrf protection
    if request.session.has_key('csrf_token'):
        vars_with_user['csrf_token'] = request.session['csrf_token']

    vars_with_user['utils'] = utils
    vars_with_user['settings'] = settings
    vars_with_user['HELIOS_STATIC'] = '/static/helios/helios'
    vars_with_user['TEMPLATE_BASE'] = helios.TEMPLATE_BASE
    vars_with_user['CURRENT_URL'] = request.path
    vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST

    return vars_with_user
Ejemplo n.º 32
0
def one_election_cast_done(request, election):
  user = get_user(request)
  voter = Voter.get_by_election_and_user(election, user)
  votes = CastVote.get_by_voter(voter)

  logout = settings.LOGOUT_ON_CONFIRMATION
  
  # local logout ensures that there's no more
  # user locally
  # WHY DO WE COMMENT THIS OUT? because we want to force a full logout via the iframe, including
  # from remote systems, just in case, i.e. CAS
  # if logout:
  #   auth_views.do_local_logout(request)
    
  # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
  return render_template(request, 'cast_done', {'election': election, 'last_vote': votes[0], 'logout': logout}, include_user=False)
Ejemplo n.º 33
0
def one_election_cast_done(request, election):
  """
  This view needs to be loaded because of the IFRAME, but then this causes
  problems if someone clicks "reload". So we need a strategy.
  We store the ballot hash in the session
  """
  user = get_user(request)
  voter = get_voter(request, user, election)

  if voter:
    votes = CastVote.get_by_voter(voter)
    vote_hash = votes[0].vote_hash
    cv_url = get_castvote_url(votes[0])

    # only log out if the setting says so *and* we're dealing
    # with a site-wide voter. Definitely remove current_voter
    if voter.user == user:
      logout = settings.LOGOUT_ON_CONFIRMATION
    else:
      logout = False
      del request.session['CURRENT_VOTER']

    save_in_session_across_logouts(request, 'last_vote_hash', vote_hash)
    save_in_session_across_logouts(request, 'last_vote_cv_url', cv_url)
  else:
    vote_hash = request.session['last_vote_hash']
    cv_url = request.session['last_vote_cv_url']
    logout = False

  # local logout ensures that there's no more
  # user locally
  # WHY DO WE COMMENT THIS OUT? because we want to force a full logout via the iframe, including
  # from remote systems, just in case, i.e. CAS
  # if logout:
  #   auth_views.do_local_logout(request)

  # tweet/fb your vote
  socialbuttons_url = get_socialbuttons_url(cv_url, 'I cast a vote in %s' % election.name)

  # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
  # include_user is set to False if logout is happening
  return render_template(request, 'cast_done', {'election': election,
                                                'vote_hash': vote_hash, 'logout': logout,
                                                'socialbuttons_url': socialbuttons_url},
                         include_user=(not logout))
Ejemplo n.º 34
0
def follow_view(request):
  if request.method == "GET":
    from helios.view_utils import render_template
    from auth.views import after
    
    return render_template(request, 'twitter/follow', {'user_to_follow': USER_TO_FOLLOW, 'reason_to_follow' : REASON_TO_FOLLOW})

  if request.method == "POST":
    follow_p = bool(request.POST.get('follow_p',False))
    
    if follow_p:
      from auth.security import get_user

      user = get_user(request)
      twitter_client = _get_client_by_token(user.token)
      result = twitter_client.oauth_request('http://api.twitter.com/1/friendships/create.json', args={'screen_name': USER_TO_FOLLOW}, method='POST')

    from auth.views import after_intervention
    return HttpResponseRedirect(reverse(after_intervention))
Ejemplo n.º 35
0
def user_can_see_election(request, election):
    user = get_user(request)

    if not election.private_p:
        return True

    # election is private

    # but maybe this user is the administrator?
    if user_can_admin_election(user, election):
        return True

    # or maybe this is a trustee of the election?
    trustee = get_logged_in_trustee(request)
    if trustee and trustee.election.uuid == election.uuid:
        return True

    # then this user has to be a voter
    return (get_voter(request, user, election) != None)
Ejemplo n.º 36
0
def prepare_vars(request, vars):
  vars_with_user = vars.copy()
  vars_with_user['user'] = get_user(request)

  # csrf protection
  if request.session.has_key('csrf_token'):
    vars_with_user['csrf_token'] = request.session['csrf_token']

  vars_with_user['STATIC'] = '/static/'
  vars_with_user['MEDIA_URL'] = '/static/'
  vars_with_user['HELIOS_STATIC'] = '/static/helios/helios/'
  vars_with_user['utils'] = utils
  vars_with_user['settings'] = settings
  vars_with_user['TEMPLATE_BASE'] = 'templates/base.html'
  vars_with_user['messages'] = messages.get_messages(request)
  vars_with_user['CURRENT_URL'] = request.path
  vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST

  return vars_with_user
Ejemplo n.º 37
0
def require_admin(request):
    user = get_user(request)
    if not user or not user.admin_p:
        raise PermissionDenied()

    return user