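def verify_id(self, vote_id):
    """Validate a vote verification ID and record it on this object.

    Checks run in this order: the ID's format, that an entry exists for the
    derived key in ``self._rreg``, that the entry is still inside the
    verification window, and that its remaining count is positive.
    ``self._voter_code`` is assigned as soon as the entry is found;
    ``self._vote_id`` is assigned only after every check has passed.

    Raises:
        HTSVerifyException: carrying ``evcommon.VERIFY_ERROR`` for every
            failure, so all rejections share one error code.
    """
    # Validate the format first: the raw value is turned into a lookup key below.
    if not formatutil.is_vote_verification_id(vote_id):
        # The size of vote_id is unknown here, so it is kept out of the log.
        evlog.log_error("Malformed vote ID")
        # Call form of raise (PEP 8); for a non-tuple value it raises the same
        # exception as the older `raise Cls, value` spelling.
        raise HTSVerifyException(evcommon.VERIFY_ERROR)

    vote_id = vote_id.lower()
    otp_key = htscommon.get_verification_key(vote_id)

    # check if corresponding OTP exists
    if not self._rreg.check(otp_key):
        evlog.log_error("No such vote ID: %s" % vote_id)
        raise HTSVerifyException(evcommon.VERIFY_ERROR)

    voter_entry = self._rreg.read_string_value(otp_key, "voter")
    self._voter_code = voter_entry.value.rstrip()

    # check if timestamp is OK
    current = int(time.time())
    created = self._rreg.read_integer_value(otp_key, "timestamp").value
    # presumably get_verification_time() is in minutes, hence the * 60 - confirm
    timeout = Election().get_verification_time() * 60
    if created + timeout < current:
        evlog.log("Vote ID %s has expired" % vote_id)
        # NOTE(review): self._vote_id is assigned only on the last line of this
        # method. If __revoke_vote_id() reads self._vote_id, it will not see
        # the ID being rejected here and the entry may stay in place - confirm.
        self.__revoke_vote_id()
        raise HTSVerifyException(evcommon.VERIFY_ERROR)

    # check if count is OK
    count = self._rreg.read_integer_value(otp_key, "count").value
    if count <= 0:
        # The ID is now interpolated; the original logged a literal "%s".
        evlog.log_error(
            "Vote ID %s count is zero, but had not been revoked" % vote_id)
        # NOTE(review): same question about self._vote_id as in the expiry
        # branch above.
        self.__revoke_vote_id()
        raise HTSVerifyException(evcommon.VERIFY_ERROR)

    self._vote_id = vote_id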
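def do_cgi():
    """Validate a vote-verification CGI request and relay it to the HTS.

    The request must carry exactly one form parameter, named
    ``evcommon.POST_VERIFY_VOTE``, whose value passes
    ``formatutil.is_vote_verification_id``. A valid request is logged, given a
    session ID and POSTed to the HTS verify URL; the HTS response body is
    handed to ``protocol.http_response``. Any other request ends in
    ``bad_parameters()``, and any exception ends in ``technical_error()``.
    """
    try:
        elec = election.Election()
        evlog.AppLog().set_app(APP)

        # Keep the form as (key, value) pairs: a dictionary would overwrite
        # recurring keys and hide duplicates from the checks below.
        form = cgi.FieldStorage()
        params = [(key, value) for key in form for value in form.getlist(key)]

        # A request with no parameters used to fall through to params[0]
        # below and surface as a technical error; reject it as bad input.
        if not params:
            evlog.log_error("Missing query parameter")
            bad_parameters()
            return

        # Only accept up to a single parameter
        if len(params) > 1:
            # NOTE(review): parameter names come from the request and are
            # logged at full length here, while the value below is kept out
            # of the log until it has been validated - consider bounding or
            # escaping the names as well.
            names = ", ".join(key for key, _ in params)
            evlog.log_error("Too many query parameters: " + names)
            bad_parameters()
            return

        name, vote_id = params[0]

        # Only accept the POST_VERIFY_VOTE parameter.
        if name != evcommon.POST_VERIFY_VOTE:
            evlog.log_error('Unknown query parameter "%s"' % name)
            bad_parameters()
            return

        # Make sure the parameter is correctly formatted.
        if not formatutil.is_vote_verification_id(vote_id):
            # Don't write to disk; we don't know how large the value is
            evlog.log_error("Malformed vote ID")
            bad_parameters()
            return

        evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
        evlog.log("verif/auth VOTE-ID: " + vote_id)

        params.append((evcommon.POST_SESS_ID, sessionid.voting()))

        # NOTE(review): the vote ID and session ID travel over plain HTTP, so
        # their protection depends on the link to the HTS being a trusted
        # network - confirm against the deployment.
        url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
        # urllib.urlopen() takes no timeout argument; unless a default socket
        # timeout is set elsewhere, this waits as long as the HTS takes.
        conn = urllib.urlopen(url, urllib.urlencode(params))
        try:
            body = conn.read()
        finally:
            conn.close()
        protocol.http_response(body)
    except:
        # Last-resort handler: log the exception, answer with a generic error.
        evlog.log_exception()
        technical_error()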
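def do_cgi():
    """Check the verification request's single parameter and forward it.

    Accepts exactly one form parameter, ``evcommon.POST_VERIFY_VOTE``, whose
    value must satisfy ``formatutil.is_vote_verification_id``. The accepted
    request is logged, extended with a session ID and sent to the HTS verify
    URL; the body of the HTS reply goes to ``protocol.http_response``.
    Rejected requests call ``bad_parameters()``; any exception is logged and
    answered with ``technical_error()``.
    """
    try:
        elec = election.Election()
        evlog.AppLog().set_app(APP)

        # Build a list of pairs rather than a dictionary, which would
        # overwrite recurring keys.
        form = cgi.FieldStorage()
        params = []
        for key in form:
            params.extend((key, value) for value in form.getlist(key))

        # Reject an empty request explicitly. Without this guard params[0]
        # raised IndexError and the client got a technical error instead of
        # a bad-parameters response.
        if len(params) == 0:
            evlog.log_error("Missing query parameter")
            bad_parameters()
            return

        # Only accept up to a single parameter
        if len(params) > 1:
            # NOTE(review): these names are request-controlled and written to
            # the log unbounded; the value check below avoids exactly that
            # for the parameter value. Consider truncating or escaping them.
            evlog.log_error("Too many query parameters: "
                            + ", ".join([pair[0] for pair in params]))
            bad_parameters()
            return

        param_name, param_value = params[0]

        # Only accept the POST_VERIFY_VOTE parameter.
        if param_name != evcommon.POST_VERIFY_VOTE:
            evlog.log_error("Unknown query parameter \"%s\"" % param_name)
            bad_parameters()
            return

        # Make sure the parameter is correctly formatted.
        if not formatutil.is_vote_verification_id(param_value):
            # Don't write to disk; we don't know how large the value is
            evlog.log_error("Malformed vote ID")
            bad_parameters()
            return

        evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
        evlog.log("verif/auth VOTE-ID: " + param_value)

        params.append((evcommon.POST_SESS_ID, sessionid.voting()))

        # NOTE(review): plain "http://" - the forwarded vote ID and session ID
        # are only as private as the network between this host and the HTS;
        # confirm that link is isolated.
        url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
        # Passing data makes this a POST. urllib.urlopen() has no timeout
        # parameter, so a stalled HTS stalls this request unless a default
        # socket timeout is configured elsewhere.
        conn = urllib.urlopen(url, urllib.urlencode(params))
        try:
            reply = conn.read()
        finally:
            conn.close()
        protocol.http_response(reply)
    except:
        # Catch-all: every failure is logged and reported as a technical error.
        evlog.log_exception()
        technical_error()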
for value in form.getlist(key): params.append((key, value)) # Only accept up to a single parameter if len(params) > 1: def keys(pairs): """Return a comma-separated list of the keys.""" return ", ".join([pair[0] for pair in pairs]) AppLog().log_error("Too many query parameters: " + keys(params)) bad_parameters() # Only accept the POST_VERIFY_VOTE parameter. if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE: AppLog().log_error("Unknown query parameter \"%s\"" % params[0][0]) bad_parameters() # Make sure the parameter is correctly formatted. if not formatutil.is_vote_verification_id(params[0][1]): # Don't write to disk; we don't know how large the value is AppLog().log_error("Malformed vote ID") bad_parameters() url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path() conn = urllib.urlopen(url, urllib.urlencode(params)) protocol.http_response(conn.read()) cgi.sys.exit(0) # vim:set ts=4 sw=4 et fileencoding=utf8:
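# Request validation and forwarding for the vote-verification CGI script.
# `params` (a list of (key, value) pairs) and `elec` are set up earlier in the
# file, outside this excerpt.
#
# NOTE(review): no branch below returns or exits after bad_parameters(), so
# each check only rejects the request if bad_parameters() itself terminates
# the process - confirm.

# An empty request would otherwise reach params[0][1] below and fail with an
# IndexError instead of a bad-parameters response.
if not params:
    evlog.log_error("Missing query parameter")
    bad_parameters()

# Only accept up to a single parameter
if len(params) > 1:
    def keys(pairs):
        """Return a comma-separated list of the keys."""
        return ", ".join([pair[0] for pair in pairs])

    # NOTE(review): the keys are request-controlled and logged unbounded,
    # unlike the value, which is kept out of the log until validated -
    # consider truncating or escaping them.
    evlog.log_error("Too many query parameters: " + keys(params))
    bad_parameters()

# Only accept the POST_VERIFY_VOTE parameter.
if params and params[0][0] != evcommon.POST_VERIFY_VOTE:
    evlog.log_error('Unknown query parameter "%s"' % params[0][0])
    bad_parameters()

# Make sure the parameter is correctly formatted.
if not formatutil.is_vote_verification_id(params[0][1]):
    # Don't write to disk; we don't know how large the value is
    evlog.log_error("Malformed vote ID")
    bad_parameters()

# The value has passed the format check, so it is safe to log from here on.
evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
evlog.log("verif/auth VOTE-ID: " + params[0][1])

params.append((evcommon.POST_SESS_ID, sessionid.voting()))

# NOTE(review): the vote ID and session ID are forwarded over plain HTTP; this
# relies on the link to the HTS being a trusted network - confirm.
url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
# urllib.urlopen() with data issues a POST and has no timeout parameter.
conn = urllib.urlopen(url, urllib.urlencode(params))
protocol.http_response(conn.read())
cgi.sys.exit(0)

# vim:set ts=4 sw=4 et fileencoding=utf8: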