Commit a1cfe994 authored by Stephane Glondu's avatar Stephane Glondu

Protect shuffle pages from authenticated users

parent 14c7eb4a
Pipeline #91380 passed with stages
in 26 minutes and 48 seconds
......@@ -2027,27 +2027,31 @@ let () =
let () =
Any.register ~service:election_shuffle_link
(fun (uuid, token) () ->
let%lwt expected_token = Web_persist.get_shuffle_token uuid in
if token = expected_token then (
let%lwt election = find_election uuid in
T.shuffle election token >>= Html.send
) else forbidden ()
without_site_user (fun () ->
let%lwt expected_token = Web_persist.get_shuffle_token uuid in
if token = expected_token then (
let%lwt election = find_election uuid in
T.shuffle election token >>= Html.send
) else forbidden ()
)
)
let () =
Any.register ~service:election_shuffle_post
(fun (uuid, token) shuffle ->
let%lwt expected_token = Web_persist.get_shuffle_token uuid in
if token = expected_token then (
match%lwt Web_persist.append_to_shuffles uuid shuffle with
| true ->
let%lwt () = Web_persist.clear_shuffle_token uuid in
T.generic_page ~title:"Success" "The shuffle has been successfully applied!" () >>= Html.send
| false ->
T.generic_page ~title:"Error" "An error occurred while applying the shuffle." () >>= Html.send
| exception e ->
T.generic_page ~title:"Error" (Printf.sprintf "Data is invalid! (%s)" (Printexc.to_string e)) () >>= Html.send
) else forbidden ()
without_site_user (fun () ->
let%lwt expected_token = Web_persist.get_shuffle_token uuid in
if token = expected_token then (
match%lwt Web_persist.append_to_shuffles uuid shuffle with
| true ->
let%lwt () = Web_persist.clear_shuffle_token uuid in
T.generic_page ~title:"Success" "The shuffle has been successfully applied!" () >>= Html.send
| false ->
T.generic_page ~title:"Error" "An error occurred while applying the shuffle." () >>= Html.send
| exception e ->
T.generic_page ~title:"Error" (Printf.sprintf "Data is invalid! (%s)" (Printexc.to_string e)) () >>= Html.send
) else forbidden ()
)
)
let () =
......
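Review bot: The `| exception e` arm of the `election_shuffle_post` handler still puts `Printexc.to_string e` into the response page, and it catches every exception raised around `Web_persist.append_to_shuffles`, so an internal or storage failure is reported as "Data is invalid!" along with internal detail. If `without_site_user` does what its name and the commit title suggest, the reader of that page is someone holding only the link token, so consider recording `e` on the server and sending a fixed message, e.g. `T.generic_page ~title:"Error" "Data is invalid!" () >>= Html.send`. Separately, both handlers check the secret with `token = expected_token`, which is polymorphic structural equality and not constant-time; if the token is a string, a constant-time comparison would be the safer check. A one-line comment at each `without_site_user` call saying why a logged-in site user must not reach the shuffle pages would also help, since the wrapper's definition is outside this hunk.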
......@@ -7,7 +7,7 @@ import sys
from distutils.util import strtobool
from util.fake_sent_emails_manager import FakeSentEmailsManager
from util.selenium_tools import wait_for_element_exists, wait_for_an_element_with_partial_link_text_exists, wait_for_element_exists_and_has_non_empty_attribute, wait_for_element_exists_and_contains_expected_text
from util.election_testing import console_log, remove_database_folder, wait_a_bit, build_css_selector_to_find_buttons_in_page_content_by_value, initialize_server, initialize_browser, verify_election_consistency, create_election_data_snapshot, delete_election_data_snapshot, log_in_as_administrator
from util.election_testing import console_log, remove_database_folder, wait_a_bit, build_css_selector_to_find_buttons_in_page_content_by_value, initialize_server, initialize_browser, verify_election_consistency, create_election_data_snapshot, delete_election_data_snapshot, log_in_as_administrator, log_out
from util.election_test_base import BeleniosElectionTestBase
import settings
......@@ -69,9 +69,15 @@ class BeleniosTestElectionScenario1(BeleniosElectionTestBase):
wait_a_bit()
# She clicks on the "Shuffle link" link
# She looks for the "Shuffle link" link
shuffle_element = wait_for_element_exists(browser, "#shuffle-link", settings.EXPLICIT_WAIT_TIMEOUT)
shuffle_element.click()
shuffle_link = shuffle_element.get_attribute("href")
console_log("Shuffle link is " + shuffle_link);
# She logs out and goes to the shuffle link
log_out(browser)
wait_a_bit()
browser.get(shuffle_link)
wait_a_bit()
......@@ -99,6 +105,9 @@ class BeleniosTestElectionScenario1(BeleniosElectionTestBase):
administration_link_element = wait_for_an_element_with_partial_link_text_exists(browser, administration_link_label, settings.EXPLICIT_WAIT_TIMEOUT)
administration_link_element.click()
# She logs in as administrator
log_in_as_administrator(browser, from_a_login_page=True)
# She clicks on the "Proceed to decryption" button
decrypt_button_label = "Proceed to decryption"
decrypt_button_css_selector = build_css_selector_to_find_buttons_in_page_content_by_value(decrypt_button_label)
......
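Review bot: The scenario now covers only the permitted path (`log_out(browser)` followed by `browser.get(shuffle_link)`); nothing checks that the link is refused while the administrator is still logged in, which appears to be the behaviour this commit adds on the server. A step before `log_out(browser)` that opens `shuffle_link` and asserts the shuffle form is not served would pin that down; the exact response to assert depends on `without_site_user`, which is not visible here. Minor: `console_log("Shuffle link is " + shuffle_link);` has a stray trailing `;` and writes what is presumably a token-bearing URL to the test log, which is fine for a throwaway election but should not be copied into non-test code. The test method begins and ends outside these hunks.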