Exemplo n.º 1
0
    def verify_id(self, vote_id):
        # check if valid vote ID
        if not formatutil.is_vote_verification_id(vote_id):
            # We don't know how large vote_id is, so don't write to disk
            evlog.log_error("Malformed vote ID")
            raise HTSVerifyException, evcommon.VERIFY_ERROR

        vote_id = vote_id.lower()
        otp_key = htscommon.get_verification_key(vote_id)

        # check if corresponding OTP exists
        if not self._rreg.check(otp_key):
            evlog.log_error("No such vote ID: %s" % vote_id)
            raise HTSVerifyException, evcommon.VERIFY_ERROR

        self._voter_code = self._rreg.read_string_value(\
                otp_key, "voter").value.rstrip()

        # check if timestamp is OK
        current = int(time.time())
        created = self._rreg.read_integer_value(otp_key, "timestamp").value
        timeout = Election().get_verification_time() * 60
        if created + timeout < current:
            evlog.log("Vote ID %s has expired" % vote_id)
            self.__revoke_vote_id()
            raise HTSVerifyException, evcommon.VERIFY_ERROR

        # check if count is OK
        count = self._rreg.read_integer_value(otp_key, "count").value
        if count <= 0:
            evlog.log_error("Vote ID %s count is zero, but had not been revoked")
            self.__revoke_vote_id()
            raise HTSVerifyException, evcommon.VERIFY_ERROR

        self._vote_id = vote_id
Exemplo n.º 2
0
def do_cgi():
    try:
        elec = election.Election()
        evlog.AppLog().set_app(APP)

        # Create a list of pairs from the form parameters. Don't use a dictionary
        # because that will overwrite recurring keys.
        form = cgi.FieldStorage()
        params = []
        for key in form:
            for value in form.getlist(key):
                params.append((key, value))

        # Only accept up to a single parameter
        if len(params) > 1:

            def keys(pairs):
                """Return a comma-separated list of the keys."""
                return ", ".join([pair[0] for pair in pairs])

            evlog.log_error("Too many query parameters: " + keys(params))
            bad_parameters()
            return

        # Only accept the POST_VERIFY_VOTE parameter.
        if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE:
            evlog.log_error('Unknown query parameter "%s"' % params[0][0])
            bad_parameters()
            return

        # Make sure the parameter is correctly formatted.
        if not formatutil.is_vote_verification_id(params[0][1]):
            # Don't write to disk; we don't know how large the value is
            evlog.log_error("Malformed vote ID")
            bad_parameters()
            return

        evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
        evlog.log("verif/auth VOTE-ID: " + params[0][1])

        params.append((evcommon.POST_SESS_ID, sessionid.voting()))

        url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
        conn = urllib.urlopen(url, urllib.urlencode(params))
        protocol.http_response(conn.read())
    except:
        evlog.log_exception()
        technical_error()
Exemplo n.º 3
0
def do_cgi():
    try:
        elec = election.Election()
        evlog.AppLog().set_app(APP)

        # Create a list of pairs from the form parameters. Don't use a dictionary
        # because that will overwrite recurring keys.
        form = cgi.FieldStorage()
        params = []
        for key in form:
            for value in form.getlist(key):
                params.append((key, value))

        # Only accept up to a single parameter
        if len(params) > 1:
            def keys(pairs):
                """Return a comma-separated list of the keys."""
                return ", ".join([pair[0] for pair in pairs])

            evlog.log_error("Too many query parameters: " + keys(params))
            bad_parameters()
            return

        # Only accept the POST_VERIFY_VOTE parameter.
        if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE:
            evlog.log_error("Unknown query parameter \"%s\"" % params[0][0])
            bad_parameters()
            return

        # Make sure the parameter is correctly formatted.
        if not formatutil.is_vote_verification_id(params[0][1]):
            # Don't write to disk; we don't know how large the value is
            evlog.log_error("Malformed vote ID")
            bad_parameters()
            return

        evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
        evlog.log("verif/auth VOTE-ID: " + params[0][1])

        params.append((evcommon.POST_SESS_ID, sessionid.voting()))

        url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
        conn = urllib.urlopen(url, urllib.urlencode(params))
        protocol.http_response(conn.read())
    except:
        evlog.log_exception()
        technical_error()
Exemplo n.º 4
0
        for value in form.getlist(key):
            params.append((key, value))

    # Only accept up to a single parameter
    if len(params) > 1:

        def keys(pairs):
            """Return a comma-separated list of the keys."""
            return ", ".join([pair[0] for pair in pairs])

        AppLog().log_error("Too many query parameters: " + keys(params))
        bad_parameters()

    # Only accept the POST_VERIFY_VOTE parameter.
    if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE:
        AppLog().log_error("Unknown query parameter \"%s\"" % params[0][0])
        bad_parameters()

    # Make sure the parameter is correctly formatted.
    if not formatutil.is_vote_verification_id(params[0][1]):
        # Don't write to disk; we don't know how large the value is
        AppLog().log_error("Malformed vote ID")
        bad_parameters()

    url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
    conn = urllib.urlopen(url, urllib.urlencode(params))
    protocol.http_response(conn.read())
    cgi.sys.exit(0)

# vim:set ts=4 sw=4 et fileencoding=utf8:
Exemplo n.º 5
0
    if len(params) > 1:

        def keys(pairs):
            """Return a comma-separated list of the keys."""
            return ", ".join([pair[0] for pair in pairs])

        evlog.log_error("Too many query parameters: " + keys(params))
        bad_parameters()

    # Only accept the POST_VERIFY_VOTE parameter.
    if len(params) and params[0][0] != evcommon.POST_VERIFY_VOTE:
        evlog.log_error('Unknown query parameter "%s"' % params[0][0])
        bad_parameters()

    # Make sure the parameter is correctly formatted.
    if not formatutil.is_vote_verification_id(params[0][1]):
        # Don't write to disk; we don't know how large the value is
        evlog.log_error("Malformed vote ID")
        bad_parameters()

    evlog.log("verif/auth REMOTE_ADDR: " + evlogdata.get_remote_ip())
    evlog.log("verif/auth VOTE-ID: " + params[0][1])

    params.append((evcommon.POST_SESS_ID, sessionid.voting()))

    url = "http://" + elec.get_hts_ip() + "/" + elec.get_hts_verify_path()
    conn = urllib.urlopen(url, urllib.urlencode(params))
    protocol.http_response(conn.read())
    cgi.sys.exit(0)

# vim:set ts=4 sw=4 et fileencoding=utf8: