benadida / helios-server

Helios server

Home Page: http://heliosvoting.org

Password-users are not allowed to participate in open-registration elections

crazyscientist opened this issue · comments

Problem

If the option "Anyone can vote" is chosen for an election, nobody can cast a vote.

Steps to reproduce

  1. Install the Django project in a VirtualEnv and apply migrations
  2. Set env. variables AUTH_ENABLED_SYSTEMS and AUTH_DEFAULT_SYSTEM to "password"
  3. Start server
  4. Create an election with a few questions/answers
  5. In the "Voters and Ballot Tracking Center" choose "Anyone can vote"
  6. Freeze the election
  7. Try to cast the vote

At the final step of the vote casting process the voter is asked for their "voter ID" and password.

However, the responsible view only tries to match the provided credentials against the voter list, which was not created because it's an open election.

It seems to be a design choice that users who are not authenticated via a 3rd party service (e.g. Google, GitHub, ...), i.e. users with a password stored in the DB (see #371), are not allowed to participate in open-registration elections.

This is prohibited by the function _check_eligibility in helios/views.py