def select(request):
"""Renders the candidate selection list.
The link to the voting page for each candidate contains an identifier
which is the result of encrypting the candidate number with a random
session key. The main benefit from this is that the chosen candidate can
not be identified from the used URL. This allows us to use GET requests
instead of POST requests without having to worry about leaking information
in server logs and browser history.
:param request: The currently active request.
:type request: :py:class:`pyramid.request.Request`
:rtype: dict
"""
# Deco Grid positions for the candidate columns.
positions = '0 1:3 2:3'.split()
session = DBSession()
log = logging.getLogger('nuvavaalit')
# Disable caching
request.add_response_callback(disable_caching)
# Require authentication.
voter = authenticated_user(request)
if voter is None:
log.warn('Unauthenticated attempt to select candidates.')
raise HTTPForbidden()
# User should vote only once.
if voter.has_voted():
log.warn('User "{}" attempted to select candidates after voting.'.format(voter.username))
return exit_voting(request)
query = session.query(Candidate)\
.filter(Candidate.number != Candidate.EMPTY_CANDIDATE)\
.order_by(Candidate.number)
candidates = []
for candidate in query.all():
candidates.append({
'name': candidate.fullname(),
'number': candidate.number,
'vote_url': route_url('vote', request, id=encrypt(str(candidate.number), request.session['encryption_key'])),
'image_url': request.static_url('nuvavaalit:views/templates/static/images/candidates/{}.jpg'.format(candidate.number)),
})
return {
'candidates': split_candidates(candidates, len(positions)),
'positions': cycle(positions),
'columns': len(positions),
'empty_vote_url': route_url('vote', request, id=encrypt(str(Candidate.EMPTY_CANDIDATE), request.session['encryption_key'])),
'empty_vote_number': Candidate.EMPTY_CANDIDATE,
}
def test_encryption_roundtrip(self):
"""Ensure that we can pass information through an encrypt/decrypt cycle."""
from nuvavaalit.crypto import encrypt
from nuvavaalit.crypto import decrypt
for value in '1', 'foo', 'fööbär':
self.assertEquals(value, decrypt(encrypt(value, 'secret'), 'secret'))
def test_encrypt(self):
"""Ensure that encryption does mangles the data."""
from nuvavaalit.crypto import encrypt
self.assertFalse('value' in encrypt('value', 'secret'))
