diff --git a/scripts/local_vars.sh b/scripts/local_vars.sh
index f6619b2fa..2e834396f 100644
--- a/scripts/local_vars.sh
+++ b/scripts/local_vars.sh
@@ -12,5 +12,7 @@ export DB_PATH="$(pwd)/nodes/llmdb"
 # The following two variables can be set to see log output from dela:
 #export PROXY_LOG=info
 #export LLVL=info
-# If this is set, you can login without Gaspar
+# Logging in without Gaspar and SCIPER 100100
 export REACT_APP_DEV_LOGIN="true"
+# Create random voter-IDs to allow easier testing
+export REACT_APP_RANDOMIZE_VOTE_ID="true"
diff --git a/web/backend/src/controllers/dela.ts b/web/backend/src/controllers/dela.ts
index 5129ccadf..21786f865 100644
--- a/web/backend/src/controllers/dela.ts
+++ b/web/backend/src/controllers/dela.ts
@@ -233,7 +233,7 @@ delaRouter.delete('/forms/:formID', (req, res) => {
 // request that needs to go the DELA nodes
 delaRouter.use('/*', (req, res) => {
 if (!req.session.userId) {
- res.status(400).send('Unauthorized');
+ res.status(401).send('Authentication required!');
 return;
 }
@@ -242,10 +242,6 @@ delaRouter.use('/*', (req, res) => {
 // special case for voting
 const match = req.baseUrl.match('/api/evoting/forms/(.*)/vote');
 if (match) {
- if (!req.session.userId) {
- res.status(401).send('Authentication required!');
- return;
- }
 if (!isAuthorized(req.session.userId, match[1], PERMISSIONS.ACTIONS.VOTE)) {
 res.status(400).send('Unauthorized');
 return;
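Review bot: Neither comment on the two exports at the end of this hunk says that the file is meant for local development only, although both flags relax identity checks (login without Gaspar, and a random voter ID per vote). The reworded comment `# Logging in without Gaspar and SCIPER 100100` is also hard to parse; if it means the dev login signs in as that SCIPER, I would write `# Dev only: log in without Gaspar as SCIPER 100100; never set on a deployed backend`. The same `Dev only` wording would fit the `REACT_APP_RANDOMIZE_VOTE_ID` comment, since the backend's own warning says the flag allows unlimited votes.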
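Review bot: The authorization failure a few lines further down, visible as context in the next hunk, still answers `res.status(400).send('Unauthorized');`, so after this change a missing session gets 401 while a failed `isAuthorized` check gets 400. I would return `res.status(403).send('Forbidden');` there, so that clients and log-based alerting can tell a denied vote from a malformed request. The handler starts and ends outside the hunk, so check whether the frontend matches on the 400 before changing it.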
@@ -257,9 +253,11 @@ delaRouter.use('/*', (req, res) => {
 // translate UserIDs to another random ID.
 // bodyData.UserID = req.session.userId.toString();
- // DEBUG: this is only for debugging and needs to be replaced before production
- console.warn('DEV CODE - randomizing the SCIPER ID to allow for unlimited votes');
- bodyData.UserID = makeid(10);
+ if (process.env.REACT_APP_RANDOMIZE_VOTE_ID === 'true') {
+ // DEBUG: this is only for debugging and needs to be replaced before production
+ console.warn('DEV CODE - randomizing the SCIPER ID to allow for unlimited votes');
+ bodyData.UserID = makeid(10);
+ }
 }
 const dataStr = JSON.stringify(bodyData);
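Review bot: With `REACT_APP_RANDOMIZE_VOTE_ID` unset, the new `if` leaves `bodyData.UserID` untouched, and the session-based assignment just above it is still commented out. Unless the field is set elsewhere in the handler, which starts outside this hunk, the vote is forwarded with whatever `UserID` `bodyData` already held (presumably taken from the request body), so the voter identity is not bound to the authenticated session. I would add `else { bodyData.UserID = req.session.userId.toString(); }`, or the translated ID the comment mentions. The `REACT_APP_` prefix is conventionally for values baked into the frontend build; a backend-only name, plus refusing the flag when `NODE_ENV` is `production`, would make an accidental enable harder.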