Merge branch 'c4dt:main' into Work-Mzmt-Authorization_1

.github/workflows/go_dvoting_test.yml

@@ -12,10 +12,10 @@ jobs:
     name: Scenario
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go ^1.17
-        uses: actions/setup-go@v2
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17
+          go-version: '1.20'
 
       - name: Install crypto util from Dela
         run: |

.github/workflows/go_integration_tests.yml

@@ -11,10 +11,10 @@ jobs:
     name: Integration test
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go ^1.17
-        uses: actions/setup-go@v2
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17
+          go-version: '1.20'
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
@@ -25,10 +25,10 @@ jobs:
     name: Test bad vote
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go ^1.17
-        uses: actions/setup-go@v2
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17
+          go-version: '1.20'
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
@@ -39,24 +39,29 @@ jobs:
     name: Test crash
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go ^1.17
-        uses: actions/setup-go@v2
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17
+          go-version: '1.20'
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2
 
       - name: Run the crash test
-        run: go test -timeout 10m -run TestCrash ./integration/...
+        run: |
+          for a in $( seq 3 ); do
+            echo "Testing sequence $a"
+            go test -timeout 10m -run TestCrash ./integration/... && exit 0
+          done
+          exit 1
   revote:
     name: Test revote
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go ^1.17
-        uses: actions/setup-go@v2
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17
+          go-version: '1.20'
 
       - name: Check out code into the Go module directory
         uses: actions/checkout@v2

.github/workflows/go_scenario_test.yml

@@ -11,10 +11,10 @@ jobs:
     name: Tests
     runs-on: ubuntu-latest
     steps:
-      - name: Set up Go ^1.17
-        uses: actions/setup-go@v2
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: ^1.17
+          go-version: '1.20'
 
       - name: Install crypto util from Dela
         run: |

.github/workflows/go_test.yml

@@ -10,10 +10,10 @@ jobs:
     name: Tests
     runs-on: ubuntu-latest
     steps:
-      - name: Use Go >= 1.19
-        uses: actions/setup-go@v3
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: '>=1.19'
+          go-version: '1.20'
         id: go
 
       - name: Check out code into the Go module directory

.github/workflows/releases.yml

@@ -13,10 +13,10 @@ jobs:
       - name: checkout
         uses: actions/checkout@v3
 
-      - name: Use go
-        uses: actions/setup-go@v3
+      - name: Use Go 1.20
+        uses: actions/setup-go@v4
         with:
-          go-version: '>=1.18'
+          go-version: '1.20'
 
       - name: Install fpm
         run: |

go.mod

@@ -1,6 +1,6 @@
 module github.com/c4dt/d-voting
 
-go 1.19
+go 1.20
 
 require (
 	github.com/gorilla/mux v1.8.0

integration/integration_test.go

@@ -37,8 +37,6 @@ func getIntegrationTest(numNodes, numVotes int) func(*testing.T) {
 		adminID := "first admin"
 
 		// ##### SETUP ENV #####
-		// make tests reproducible
-		rand.Seed(1)
 
 		delaPkg.Logger = delaPkg.Logger.Level(zerolog.WarnLevel)
 
@@ -178,8 +176,6 @@ func getIntegrationTestCrash(numNodes, numVotes, failingNodes int) func(*testing
 		adminID := "first admin"
 
 		// ##### SETUP ENV #####
-		// make tests reproducible
-		rand.Seed(1)
 
 		delaPkg.Logger = delaPkg.Logger.Level(zerolog.WarnLevel)
 
@@ -328,8 +324,6 @@ func getIntegrationBenchmark(numNodes, numVotes int) func(*testing.B) {
 		adminID := "first admin"
 
 		// ##### SETUP ENV #####
-		// make tests reproducible
-		rand.Seed(1)
 
 		delaPkg.Logger = delaPkg.Logger.Level(zerolog.WarnLevel)
 

integration/performance_test.go

@@ -4,7 +4,6 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
-	"math/rand"
 	"os"
 	"strconv"
 	"strings"
@@ -31,8 +30,6 @@ func BenchmarkIntegration_CustomVotesScenario(b *testing.B) {
 	adminID := "I am an admin"
 
 	// ##### SETUP ENV #####
-	// make tests reproducible
-	rand.Seed(1)
 
 	dirPath, err := os.MkdirTemp(os.TempDir(), "d-voting-three-votes")
 	require.NoError(b, err)

integration/scenario_test.go

@@ -72,7 +72,6 @@ func getScenarioTest(numNodes int, numVotes int, numForm int) func(*testing.T) {
 
 func startFormProcess(wg *sync.WaitGroup, numNodes, numVotes, numSec int, proxyArray []string, t *testing.T, numForm int, testType testType) {
 	defer wg.Done()
-	rand.Seed(0)
 
 	const contentType = "application/json"
 	secretkeyBuf, err := hex.DecodeString("28912721dfd507e198b31602fb67824856eb5a674c021d49fdccbe52f0234409")

integration/votes_test.go

@@ -2,7 +2,6 @@ package integration
 
 import (
 	"fmt"
-	"math/rand"
 	"os"
 	"strconv"
 
@@ -34,8 +33,6 @@ func getIntegrationTestBadVote(numNodes, numVotes, numBadVotes int) func(*testin
 		adminID := "first admin"
 
 		// ##### SETUP ENV #####
-		// make tests reproducible
-		rand.Seed(1)
 
 		delaPkg.Logger = delaPkg.Logger.Level(zerolog.WarnLevel)
 
@@ -174,8 +171,6 @@ func getIntegrationTestRevote(numNodes, numVotes, numRevotes int) func(*testing.
 		adminID := "first admin"
 
 		// ##### SETUP ENV #####
-		// make tests reproducible
-		rand.Seed(1)
 
 		delaPkg.Logger = delaPkg.Logger.Level(zerolog.WarnLevel)
 

scripts/.gitignore

@@ -0,0 +1 @@
+formid.env

scripts/local_forms.sh

@@ -6,6 +6,7 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
 echo "add form"
 RESP=$(curl -sk "$FRONTEND_URL/api/evoting/forms" -X POST -H 'Content-Type: application/json' -b cookies.txt --data-raw $'{"Configuration":{"Title":{"En":"Colours","Fr":"","De":""},"Scaffold":[{"ID":"A7GsJxVJ","Title":{"En":"Colours","Fr":"","De":""},"Order":["GhidLIfw"],"Ranks":[],"Selects":[{"ID":"GhidLIfw","Title":{"En":"RGB","Fr":"","De":"RGB"},"MaxN":3,"MinN":1,"Choices":["{\\"en\\":\\"Red\\",\\"de\\":\\"Rot\\"}","{\\"en\\":\\"Green\\",\\"de\\":\\"Gr\xfcn\\"}","{\\"en\\":\\"Blue\\",\\"de\\":\\"Blau\\"}"],"Hint":{"En":"","Fr":"","De":"RGB"}}],"Texts":[],"Subjects":[]}]}}')
 FORMID=$(echo "$RESP" | jq -r .FormID)
+echo "FORMID=$FORMID" > "$SCRIPT_DIR/formid.env"
 
 echo "add permissions - it's normal to have a timeout error after this command"
 curl -k "$FRONTEND_URL/api/evoting/authorizations" -X PUT -H 'Content-Type: application/json' -b cookies.txt --data "$(jq -cn --arg FormID $FORMID '$ARGS.named')" -m 1

scripts/test_admin_nonowner_addvote.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# This script tests that an admin who is not the owner of a form
+# cannot add voters to the form.
+# It also tests that the admin who created the form can actually add
+# voters to the form.
+
+SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)
+"$SCRIPT_DIR/run_local.sh"
+
+. "$SCRIPT_DIR/local_vars.sh"
+SECOND_ADMIN=123321
+echo "Adding $SECOND_ADMIN to admin"
+(cd web/backend && npx ts-node src/cli.ts addAdmin --sciper $SECOND_ADMIN | grep -v Executing)
+
+"$SCRIPT_DIR/local_proxies.sh"
+"$SCRIPT_DIR/local_forms.sh"
+
+. "$SCRIPT_DIR/formid.env"
+
+tmp_dir=$(mktemp -d)
+trap 'rm -rf -- "tmpdir"' EXIT
+
+tmp_cookie_owner="$tmp_dir/cookie_owner"
+curl -k "$FRONTEND_URL/api/get_dev_login/$REACT_APP_SCIPER_ADMIN" -X GET -c "$tmp_cookie_owner" -o /dev/null -s
+tmp_cookie_nonowner="$tmp_dir/cookie_nonowner"
+curl -k "$FRONTEND_URL/api/get_dev_login/$SECOND_ADMIN" -X GET -c "$tmp_cookie_nonowner" -o /dev/null -s
+
+echo "This should fail with an error that we're not allowed"
+tmp_output="$tmp_dir/output"
+curl -s 'http://localhost:3000/api/add_role' \
+  -H 'Content-Type: application/json' \
+  --data-raw "{\"userId\":444555,\"subject\":\"$FORMID\",\"permission\":\"vote\"}" \
+  -b "$tmp_cookie_nonowner" 2>&1 | tee "$tmp_output"
+echo
+
+if ! grep -q "not owner of form" "$tmp_output"; then
+  echo
+  echo "ERROR: Reply should be 'not owner of form'"
+  exit 1
+fi
+
+echo "This should pass for the owner of the form"
+curl 'http://localhost:3000/api/add_role' \
+  -H 'Content-Type: application/json' \
+  --data-raw "{\"userId\":444555,\"subject\":\"$FORMID\",\"permission\":\"vote\"}" \
+  -b "$tmp_cookie_owner"
+echo

web/backend/src/controllers/users.ts

@@ -28,6 +28,12 @@ usersRouter.post('/add_role', (req, res, next) => {
     return;
   }
 
+  if (req.body.permission === 'vote') {
+    if (!isAuthorized(req.session.userId, req.body.subject, PERMISSIONS.ACTIONS.OWN)) {
+      res.status(400).send('Unauthorized - not owner of form');
+    }
+  }
+
   addPolicy(req.body.userId, req.body.subject, req.body.permission)
     .then(() => {
       res.set(200).send();

web/frontend/src/language/de.json

@@ -218,7 +218,7 @@
     "operationFailure": "Der Vorgang ist fehlgeschlagen. Versuchen Sie, die Seite zu aktualisieren.",
     "shuffleFail": "Die Zufallsmischung ist fehlgeschlagen.",
     "voteImpossible": "Unmöglich abstimmen",
-    "notFoundVoteImpossible": "Zurück zur Formulartabelle",
+    "returnToFormTable": "Zurück zur Formulartabelle",
     "voteImpossibleDescription": "Das Formular ist nicht mehr zur Abstimmung geöffnet.",
     "yes": "Ja",
     "no": "Nein",
@@ -289,6 +289,8 @@
     "footerUnknown": "?",
     "footerVersion": "version:",
     "footerBuild": "build:",
-    "footerBuildTime": "in:"
+    "footerBuildTime": "in:",
+    "voteNotVoter": "Wählen nicht erlaubt.",
+    "voteNotVoterDescription": "Sie sind nicht wahlberechtigt in dieser Wahl. Falls Sie denken, dass ein Fehler vorliegt, wenden Sie sich bitte an die verantwortliche Stelle."
   }
 }

web/frontend/src/language/en.json

@@ -218,7 +218,7 @@
     "operationFailure": "The operation failed. Try refreshing the page.",
     "shuffleFail": "The shuffle operation failed.",
     "voteImpossible": "Vote Impossible",
-    "notFoundVoteImpossible": "Go back to form table",
+    "returnToFormTable": "Go back to form table",
     "voteImpossibleDescription": "The form is not open for voting anymore.",
     "yes": "Yes",
     "no": "No",
@@ -290,6 +290,8 @@
     "footerUnknown": "?",
     "footerVersion": "version:",
     "footerBuild": "build:",
-    "footerBuildTime": "in:"
+    "footerBuildTime": "in:",
+    "voteNotVoter": "Voting not allowed.",
+    "voteNotVoterDescription": "You are not allowed to vote in this form. If you believe this is an error, please contact the responsible of the service."
   }
 }

web/frontend/src/language/fr.json

@@ -218,7 +218,7 @@
     "operationFailure": "L'opération a échoué. Essayez de rafraichir la page.",
     "shuffleFail": "L'opération de mélange a échoué",
     "voteImpossible": "Vote Impossible",
-    "notFoundVoteImpossible": "Retournez à l'onglet des sondages",
+    "returnToFormTable": "Retournez à l'onglet des sondages",
     "voteImpossibleDescription": "Le sondage n'est plus ouvert au vote.",
     "yes": "Oui",
     "no": "Non",
@@ -289,6 +289,8 @@
     "footerUnknown": "?",
     "footerVersion": "version:",
     "footerBuild": "build:",
-    "footerBuildTime": "en:"
+    "footerBuildTime": "en:",
+    "voteNotVoter": "Interdit de voter.",
+    "voteNotVoterDescription": "Vous n'avez pas le droit de voter dans cette élection. Si vous pensez qu'il s'agit d'une erreur, veuillez contacter le/la reponsable de service."
   }
 }

web/frontend/src/pages/ballot/Show.tsx

@@ -1,4 +1,6 @@
-import { FC, useState } from 'react';
+import { FC, useContext, useState } from 'react';
+import { AuthContext } from 'index';
+import { isVoter } from './../../utils/auth';
 import { useTranslation } from 'react-i18next';
 import { useParams } from 'react-router-dom';
 import kyber from '@dedis/kyber';
@@ -17,7 +19,7 @@ import { useConfiguration } from 'components/utils/useConfiguration';
 import { Status } from 'types/form';
 import { ballotIsValid } from './components/ValidateAnswers';
 import BallotDisplay from './components/BallotDisplay';
-import FormClosed from './components/FormClosed';
+import FormNotAvailable from './components/FormNotAvailable';
 import Loading from 'pages/Loading';
 import RedirectToModal from 'components/modal/RedirectToModal';
 import { default as i18n } from 'i18next';
@@ -39,6 +41,7 @@ const Ballot: FC = () => {
   const [castVoteLoading, setCastVoteLoading] = useState(false);
 
   const navigate = useNavigate();
+  const { authorization, isLogged } = useContext(AuthContext);
 
   const hexToBytes = (hex: string) => {
     const bytes: number[] = [];
@@ -113,6 +116,8 @@ const Ballot: FC = () => {
     event.currentTarget.disabled = true;
   };
 
+  const userIsVoter = isVoter(formID, authorization, isLogged);
+
   return (
     <>
       <RedirectToModal
@@ -127,7 +132,7 @@ const Ballot: FC = () => {
         <Loading />
       ) : (
         <>
-          {status === Status.Open && (
+          {status === Status.Open && userIsVoter && (
             <div className="w-[60rem] font-sans px-4 pt-8 pb-4">
               <div className="pb-2">
                 <h2 className="text-2xl font-bold leading-7 text-gray-900 sm:text-3xl sm:truncate">
@@ -165,7 +170,8 @@ const Ballot: FC = () => {
               </div>
             </div>
           )}
-          {status !== Status.Open && <FormClosed />}
+          {!userIsVoter && <FormNotAvailable isVoter={false} />}
+          {status !== Status.Open && <FormNotAvailable isVoter={true} />}
         </>
       )}
     </>