Password-users are not allowed to participate in open-registration elections
crazyscientist opened this issue · comments
Andreas Hasenkopf commented
Problem
If the option "Anyone can vote" is chosen for an election, nobody can cast a vote.
Steps to reproduce
- Install the Django project in a VirtualEnv and apply migrations
- Set env. variables
AUTH_ENABLED_SYSTEMS
andAUTH_DEFAULT_SYSTEM
to "password" - Start server
- Create an election with a few questions/answers
- In the "Voters and Ballot Tracking Center" choose "Anyone can vote"
- Freeze the election
- Try to cast the vote
At the final step of the vote casting process the voter is asked for their "voter ID" and password.
However, the responsible view only tries to match the provided credentials against the voter list, which was not created, because its an open election.
Andreas Hasenkopf commented
It seems to be a design choice, that users, which are not authenticated via a 3rd party service (e.g. Google, GitHub, ..., i.e. users with password stored in the DB (see #371)), are not allowed to participate in open-registration elections.
This is prohibited by the function _check_eligibility
in helios/views.py