def index(request):
"""
the page from which one chooses how to log in.
"""
user = get_user(request)
# single auth system?
if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
return HttpResponseRedirect(
reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]]) +
'?return_url=' + request.GET.get('return_url', ''))
#if auth.DEFAULT_AUTH_SYSTEM and not user:
# return HttpResponseRedirect(reverse(start, args=[auth.DEFAULT_AUTH_SYSTEM])+ '?return_url=' + request.GET.get('return_url', ''))
default_auth_system_obj = None
if auth.DEFAULT_AUTH_SYSTEM:
default_auth_system_obj = AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]
#form = password.LoginForm()
return render_template(
request, 'index', {
'return_url': request.GET.get('return_url', '/'),
'enabled_auth_systems': auth.ENABLED_AUTH_SYSTEMS,
'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
'default_auth_system_obj': default_auth_system_obj
})
def voters_list_pretty(request, election):
"""
Show the list of voters
"""
after = request.GET.get('after', None)
offset= int(request.GET.get('offset', 0))
limit = int(request.GET.get('limit', 50))
order_by = 'voter_id'
user = get_user(request)
admin_p = user and (user == election.admin)
# files being processed
voter_files = election.voterfile_set.all()
# load a bunch of voters
voters = Voter.get_by_election(election, after=after, limit=limit+1, order_by=order_by)
more_p = len(voters) > limit
if more_p:
voters = voters[0:limit]
next_after = getattr(voters[limit-1], order_by)
else:
next_after = None
return render_template(request, 'voters_list', {'election': election, 'voters': voters, 'admin_p': admin_p,
'next_after': next_after, 'email_voters': helios.VOTERS_EMAIL,
'offset': offset, 'limit': limit, 'offset_plus_one': offset+1,
'offset_plus_limit': offset+min(limit,len(voters)),
'upload_p': helios.VOTERS_UPLOAD,
'voter_files': voter_files})
def index(request):
"""
the page from which one chooses how to log in.
"""
user = get_user(request)
# single auth system?
if len(auth.ENABLED_AUTH_SYSTEMS) == 1 and not user:
return HttpResponseRedirect(reverse(start, args=[auth.ENABLED_AUTH_SYSTEMS[0]])+ '?return_url=' + request.GET.get('return_url', ''))
#if auth.DEFAULT_AUTH_SYSTEM and not user:
# return HttpResponseRedirect(reverse(start, args=[auth.DEFAULT_AUTH_SYSTEM])+ '?return_url=' + request.GET.get('return_url', ''))
default_auth_system_obj = None
if auth.DEFAULT_AUTH_SYSTEM:
default_auth_system_obj = auth_systems.AUTH_SYSTEMS[auth.DEFAULT_AUTH_SYSTEM]
form = password.LoginForm()
return render_template(request,'index', {'return_url' : request.GET.get('return_url', '/'),
'enabled_auth_systems' : auth.ENABLED_AUTH_SYSTEMS,
'default_auth_system': auth.DEFAULT_AUTH_SYSTEM,
'default_auth_system_obj': default_auth_system_obj,
'form' : form})
def one_election_view(request, election):
user = get_user(request)
admin_p = user and (user == election.admin)
notregistered = False
eligible_p = True
if user:
voter = Voter.get_by_election_and_user(election, user)
if voter:
# cast any votes?
votes = CastVote.get_by_election_and_voter(election, voter)
else:
eligible_p = _check_eligibility(election, user)
votes = None
notregistered = True
else:
voter = None
votes = None
trustees = Trustee.get_by_election(election)
return render_template(request, 'election_view', {'election' : election, 'trustees': trustees, 'admin_p': admin_p, 'user': user, 'voter': voter, 'votes': votes, 'notregistered': notregistered, 'email_voters': helios.VOTERS_EMAIL, 'eligible_p': eligible_p})
def voters_eligibility(request, election):
"""
set eligibility for voters
"""
user = get_user(request)
if request.method == "GET":
# this shouldn't happen, only POSTs
return HttpResponseRedirect("/")
# for now, private elections cannot change eligibility
if election.private_p:
return HttpResponseRedirect(reverse(voters_list_pretty, args=[election.uuid]))
# eligibility
eligibility = request.POST['eligibility']
if eligibility in ['openreg', 'limitedreg']:
election.openreg= True
if eligibility == 'closedreg':
election.openreg= False
if eligibility == 'limitedreg':
# now process the constraint
category_id = request.POST['category_id']
constraint = AUTH_SYSTEMS[user.user_type].generate_constraint(category_id, user)
election.eligibility = [{'auth_system': user.user_type, 'constraint': [constraint]}]
else:
election.eligibility = None
election.save()
return HttpResponseRedirect(reverse(voters_list_pretty, args=[election.uuid]))
def home(request):
user = get_user(request)
if user:
elections = Election.get_by_user_as_admin(user, archived_p = False)
else:
elections = []
return render_template(request, "index", {'elections' : elections})
def elections_administered(request):
if not can_create_election(request):
return HttpResponseForbidden('only an administrator has elections to administer')
user = get_user(request)
elections = Election.get_by_user_as_admin(user)
return render_template(request, "elections_administered", {'elections': elections})
def stats(request):
user = get_user(request)
if not user or not user.admin_p:
raise PermissionDenied()
elections = Election.objects.all().order_by('-created_at')[:25]
return render_template(request, "stats", {'elections' : elections})
def voters_list_pretty(request, election):
"""
Show the list of voters
now using Django pagination
"""
# for django pagination support
page = int(request.GET.get('page', 1))
limit = int(request.GET.get('limit', 50))
q = request.GET.get('q','')
order_by = 'user__user_id'
# unless it's by alias, in which case we better go by UUID
if election.use_voter_aliases:
order_by = 'alias'
user = get_user(request)
admin_p = security.user_can_admin_election(user, election)
categories = None
eligibility_category_id = None
try:
from auth.auth_systems import can_list_categories
if admin_p and can_list_categories(user.user_type):
categories = AUTH_SYSTEMS[user.user_type].list_categories(user)
eligibility_category_id = election.eligibility_category_id(user.user_type)
except AuthenticationExpired:
return user_reauth(request, user)
# files being processed
voter_files = election.voterfile_set.all()
# load a bunch of voters
# voters = Voter.get_by_election(election, order_by=order_by)
voters = Voter.objects.filter(election = election).order_by(order_by).defer('vote')
if q != '':
if election.use_voter_aliases:
voters = voters.filter(alias__icontains = q)
else:
voters = voters.filter(voter_name__icontains = q)
voter_paginator = Paginator(voters, limit)
voters_page = voter_paginator.page(page)
total_voters = voter_paginator.count
return render_template(request, 'voters_list',
{'election': election, 'voters_page': voters_page,
'voters': voters_page.object_list, 'admin_p': admin_p,
'email_voters': helios.VOTERS_EMAIL,
'limit': limit, 'total_voters': total_voters,
'upload_p': helios.VOTERS_UPLOAD, 'q' : q,
'voter_files': voter_files,
'categories': categories,
'eligibility_category_id' : eligibility_category_id})
def can_create_election(request):
user = get_user(request)
if not user:
return False
if helios.ADMIN_ONLY:
return user.admin_p
else:
return user != None
def can_create_election(request):
user = get_user(request)
if not user:
return False
if helios.ADMIN_ONLY:
return user.admin_p
else:
return user != None
def one_election_view(request, election):
user = get_user(request)
admin_p = security.user_can_admin_election(user, election)
can_feature_p = security.user_can_feature_election(user, election)
notregistered = False
eligible_p = True
election_url = get_election_url(election)
status_update_message = None
vote_url = "%s/booth/vote.html?%s" % (settings.SECURE_URL_HOST, urllib.urlencode({'election_url' : reverse(one_election, args=[election.uuid])}))
test_cookie_url = "%s?%s" % (reverse(test_cookie), urllib.urlencode({'continue_url' : vote_url}))
if user:
voter = Voter.get_by_election_and_user(election, user)
if voter:
# cast any votes?
votes = CastVote.get_by_voter(voter)
else:
eligible_p = _check_eligibility(election, user)
votes = None
notregistered = True
else:
voter = None
votes = None
# status update message?
if election.openreg:
if election.voting_has_started:
status_update_message = u"Vote in %s" % election.name
else:
status_update_message = u"Register to vote in %s" % election.name
# result!
if election.result:
status_update_message = u"Results are in for %s" % election.name
# a URL for the social buttons
socialbuttons_url = None
if status_update_message:
socialbuttons_url = "%s%s?%s" % (settings.SOCIALBUTTONS_URL_HOST,
reverse(socialbuttons),
urllib.urlencode({
'url' : election_url,
'text': status_update_message.encode('utf-8')
}))
trustees = Trustee.get_by_election(election)
return render_template(request, 'election_view',
{'election' : election, 'trustees': trustees, 'admin_p': admin_p, 'user': user,
'voter': voter, 'votes': votes, 'notregistered': notregistered, 'eligible_p': eligible_p,
'can_feature_p': can_feature_p, 'election_url' : election_url, 'vote_url': vote_url,
'test_cookie_url': test_cookie_url, 'socialbuttons_url' : socialbuttons_url})
def election_admin_wrapper(request, election_uuid=None, *args, **kw):
election = get_election_by_uuid(election_uuid)
user = get_user(request)
if not user_can_admin_election(user, election):
raise PermissionDenied()
# do checks
do_election_checks(election, checks)
return func(request, election, *args, **kw)
def one_election_cast(request, election):
"""
on a GET, this is a cancellation, on a POST it's a cast
"""
if request.method == "GET":
return HttpResponseRedirect(reverse(one_election_view, args = [election.uuid]))
user = get_user(request)
encrypted_vote = request.POST['encrypted_vote']
request.session['encrypted_vote'] = encrypted_vote
return HttpResponseRedirect(reverse(one_election_cast_confirm, args=[election.uuid]))
def election_admin_wrapper(request, election_uuid=None, *args, **kw):
election = get_election_by_uuid(election_uuid)
user = get_user(request)
if not user_can_admin_election(user, election):
raise PermissionDenied()
# do checks
do_election_checks(election, checks)
return func(request, election, *args, **kw)
def one_election_set_result_and_proof(request, election):
if not election.tallied:
return HttpResponseRedirect(reverse(one_election_view,args=[election.election_id]))
# FIXME: check csrf
election.result = utils.from_json(request.POST['result'])
election.result_proof = utils.from_json(request.POST['result_proof'])
election.save()
if get_user(request):
return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
else:
return SUCCESS
def one_election_cast(request, election):
"""
on a GET, this is a cancellation, on a POST it's a cast
"""
if request.method == "GET":
return HttpResponseRedirect("%s%s" % (settings.URL_HOST, reverse(one_election_view, args = [election.uuid])))
user = get_user(request)
encrypted_vote = request.POST['encrypted_vote']
save_in_session_across_logouts(request, 'encrypted_vote', encrypted_vote)
return HttpResponseRedirect("%s%s" % (settings.SECURE_URL_HOST, reverse(one_election_cast_confirm, args=[election.uuid])))
def one_election_register(request, election):
if not election.openreg:
return HttpResponseForbidden('registration is closed for this election')
check_csrf(request)
user = get_user(request)
voter = Voter.get_by_election_and_user(election, user)
if not voter:
voter = _register_voter(election, user)
return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
def one_election_cast_done(request, election):
user = get_user(request)
voter = Voter.get_by_election_and_user(election, user)
votes = CastVote.get_by_election_and_voter(election, voter)
logout = settings.LOGOUT_ON_CONFIRMATION
#if logout:
# request.session.flush()
# we suppress the user information because we're claiming logout, even though
# logout is happening asynchronously in an iframe to be modular given the logout mechanism
return render_template(request, 'cast_done', {'election': election, 'last_vote': votes[0], 'logout': logout}, include_user=False)
def render_template(request, template_name, vars = {}):
t = loader.get_template(template_name + '.html')
vars_with_user = vars.copy()
vars_with_user['user'] = get_user(request)
vars_with_user['settings'] = settings
vars_with_user['CURRENT_URL'] = request.path
# csrf protection
if request.session.has_key('csrf_token'):
vars_with_user['csrf_token'] = request.session['csrf_token']
return render_to_response('server_ui/templates/%s.html' % template_name, vars_with_user)
def user_can_see_election(request, election):
user = get_user(request)
if not election.private_p:
return True
# election is private
# but maybe this user is the administrator?
if user_can_admin_election(user, election):
return True
# then this user has to be a voter
return (get_voter(request, user, election) != None)
def one_election_set_result_and_proof(request, election):
if election.tally_type != "homomorphic" or election.encrypted_tally == None:
return HttpResponseRedirect(reverse(one_election_view,args=[election.election_id]))
# FIXME: check csrf
election.result = utils.from_json(request.POST['result'])
election.result_proof = utils.from_json(request.POST['result_proof'])
election.save()
if get_user(request):
return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
else:
return SUCCESS
def render_template(request, template_name, vars={}):
t = loader.get_template(template_name + '.html')
vars_with_user = vars.copy()
vars_with_user['user'] = get_user(request)
vars_with_user['settings'] = settings
vars_with_user['CURRENT_URL'] = request.path
# csrf protection
if request.session.has_key('csrf_token'):
vars_with_user['csrf_token'] = request.session['csrf_token']
return render_to_response('server_ui/templates/%s.html' % template_name,
vars_with_user)
def one_election_cast_done(request, election):
user = get_user(request)
voter = Voter.get_by_election_and_user(election, user)
votes = CastVote.get_by_voter(voter)
logout = settings.LOGOUT_ON_CONFIRMATION
# local logout ensures that there's no more
# user locally
if logout:
auth_views.do_local_logout(request)
# remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
return render_template(request, 'cast_done', {'election': election, 'last_vote': votes[0], 'logout': logout})
def stats(request):
user = get_user(request)
if not user or not user.admin_p:
raise PermissionDenied()
page = int(request.GET.get('page', 1))
limit = int(request.GET.get('limit', 25))
elections = Election.objects.all().order_by('-created_at')
elections_paginator = Paginator(elections, limit)
elections_page = elections_paginator.page(page)
return render_template(request, "stats", {'elections' : elections_page.object_list, 'elections_page': elections_page,
'limit' : limit})
def one_election_set_featured(request, election):
"""
Set whether this is a featured election or not
"""
user = get_user(request)
if not security.user_can_feature_election(user, election):
raise PermissionDenied()
featured_p = bool(int(request.GET['featured_p']))
election.featured_p = featured_p
election.save()
return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
def one_election_freeze(request, election):
# figure out the number of questions and trustees
issues = election.issues_before_freeze
if request.method == "GET":
return render_template(request, 'election_freeze', {'election': election, 'issues' : issues, 'issues_p' : len(issues) > 0})
else:
check_csrf(request)
election.freeze()
if get_user(request):
return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
else:
return SUCCESS
def prepare_vars(request, vars):
vars_with_user = vars.copy()
if request:
vars_with_user['user'] = get_user(request)
vars_with_user['csrf_token'] = request.session['csrf_token']
vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
vars_with_user['STATIC'] = '/static/auth'
vars_with_user['MEDIA_URL'] = '/static/auth/'
vars_with_user['TEMPLATE_BASE'] = auth.TEMPLATE_BASE
vars_with_user['settings'] = settings
return vars_with_user
def prepare_vars(request, vars):
vars_with_user = vars.copy()
vars_with_user['user'] = get_user(request)
# csrf protection
if request.session.has_key('csrf_token'):
vars_with_user['csrf_token'] = request.session['csrf_token']
vars_with_user['utils'] = utils
vars_with_user['settings'] = settings
vars_with_user['HELIOS_STATIC'] = '/static/helios/helios'
vars_with_user['TEMPLATE_BASE'] = helios.TEMPLATE_BASE
vars_with_user['CURRENT_URL'] = request.path
return vars_with_user
def one_election_archive(request, election, admin, api_client):
archive_p = request.GET.get('archive_p', True)
if bool(int(archive_p)):
election.archived_at = datetime.datetime.utcnow()
else:
election.archived_at = None
storage.election_update(election)
if get_user(request):
return HttpResponseRedirect(reverse(one_election_view, args=[election.uuid]))
else:
return SUCCESS
def prepare_vars(request, vars):
vars_with_user = vars.copy()
vars_with_user['user'] = get_user(request)
# csrf protection
if request.session.has_key('csrf_token'):
vars_with_user['csrf_token'] = request.session['csrf_token']
vars_with_user['utils'] = utils
vars_with_user['settings'] = settings
vars_with_user['HELIOS_STATIC'] = '/static/helios/helios'
vars_with_user['TEMPLATE_BASE'] = helios.TEMPLATE_BASE
vars_with_user['CURRENT_URL'] = request.path
vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
return vars_with_user
def one_election_cast_done(request, election):
user = get_user(request)
voter = Voter.get_by_election_and_user(election, user)
votes = CastVote.get_by_voter(voter)
logout = settings.LOGOUT_ON_CONFIRMATION
# local logout ensures that there's no more
# user locally
# WHY DO WE COMMENT THIS OUT? because we want to force a full logout via the iframe, including
# from remote systems, just in case, i.e. CAS
# if logout:
# auth_views.do_local_logout(request)
# remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
return render_template(request, 'cast_done', {'election': election, 'last_vote': votes[0], 'logout': logout}, include_user=False)
def one_election_cast_done(request, election):
"""
This view needs to be loaded because of the IFRAME, but then this causes
problems if someone clicks "reload". So we need a strategy.
We store the ballot hash in the session
"""
user = get_user(request)
voter = get_voter(request, user, election)
if voter:
votes = CastVote.get_by_voter(voter)
vote_hash = votes[0].vote_hash
cv_url = get_castvote_url(votes[0])
# only log out if the setting says so *and* we're dealing
# with a site-wide voter. Definitely remove current_voter
if voter.user == user:
logout = settings.LOGOUT_ON_CONFIRMATION
else:
logout = False
del request.session['CURRENT_VOTER']
save_in_session_across_logouts(request, 'last_vote_hash', vote_hash)
save_in_session_across_logouts(request, 'last_vote_cv_url', cv_url)
else:
vote_hash = request.session['last_vote_hash']
cv_url = request.session['last_vote_cv_url']
logout = False
# local logout ensures that there's no more
# user locally
# WHY DO WE COMMENT THIS OUT? because we want to force a full logout via the iframe, including
# from remote systems, just in case, i.e. CAS
# if logout:
# auth_views.do_local_logout(request)
# tweet/fb your vote
socialbuttons_url = get_socialbuttons_url(cv_url, 'I cast a vote in %s' % election.name)
# remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
# include_user is set to False if logout is happening
return render_template(request, 'cast_done', {'election': election,
'vote_hash': vote_hash, 'logout': logout,
'socialbuttons_url': socialbuttons_url},
include_user=(not logout))
def follow_view(request):
if request.method == "GET":
from helios.view_utils import render_template
from auth.views import after
return render_template(request, 'twitter/follow', {'user_to_follow': USER_TO_FOLLOW, 'reason_to_follow' : REASON_TO_FOLLOW})
if request.method == "POST":
follow_p = bool(request.POST.get('follow_p',False))
if follow_p:
from auth.security import get_user
user = get_user(request)
twitter_client = _get_client_by_token(user.token)
result = twitter_client.oauth_request('http://api.twitter.com/1/friendships/create.json', args={'screen_name': USER_TO_FOLLOW}, method='POST')
from auth.views import after_intervention
return HttpResponseRedirect(reverse(after_intervention))
def user_can_see_election(request, election):
user = get_user(request)
if not election.private_p:
return True
# election is private
# but maybe this user is the administrator?
if user_can_admin_election(user, election):
return True
# or maybe this is a trustee of the election?
trustee = get_logged_in_trustee(request)
if trustee and trustee.election.uuid == election.uuid:
return True
# then this user has to be a voter
return (get_voter(request, user, election) != None)
def prepare_vars(request, vars):
vars_with_user = vars.copy()
vars_with_user['user'] = get_user(request)
# csrf protection
if request.session.has_key('csrf_token'):
vars_with_user['csrf_token'] = request.session['csrf_token']
vars_with_user['STATIC'] = '/static/'
vars_with_user['MEDIA_URL'] = '/static/'
vars_with_user['HELIOS_STATIC'] = '/static/helios/helios/'
vars_with_user['utils'] = utils
vars_with_user['settings'] = settings
vars_with_user['TEMPLATE_BASE'] = 'templates/base.html'
vars_with_user['messages'] = messages.get_messages(request)
vars_with_user['CURRENT_URL'] = request.path
vars_with_user['SECURE_URL_HOST'] = settings.SECURE_URL_HOST
return vars_with_user
def require_admin(request):
user = get_user(request)
if not user or not user.admin_p:
raise PermissionDenied()
return user