@pierluca's comments

- check doesn't work
- use variable for randomizing vote ID

scripts/local_vars.sh

@@ -12,5 +12,7 @@ export DB_PATH="$(pwd)/nodes/llmdb"
 # The following two variables can be set to see log output from dela:
 #export PROXY_LOG=info
 #export LLVL=info
-# If this is set, you can login without Gaspar
+# Logging in without Gaspar and SCIPER 100100
 export REACT_APP_DEV_LOGIN="true"
+# Create random voter-IDs to allow easier testing
+export REACT_APP_RANDOMIZE_VOTE_ID="true"

web/backend/src/controllers/dela.ts

@@ -233,7 +233,7 @@ delaRouter.delete('/forms/:formID', (req, res) => {
 // request that needs to go the DELA nodes
 delaRouter.use('/*', (req, res) => {
   if (!req.session.userId) {
-    res.status(400).send('Unauthorized');
+    res.status(401).send('Authentication required!');
     return;
   }
 
@@ -242,10 +242,6 @@ delaRouter.use('/*', (req, res) => {
   // special case for voting
   const match = req.baseUrl.match('/api/evoting/forms/(.*)/vote');
   if (match) {
-    if (!req.session.userId) {
-      res.status(401).send('Authentication required!');
-      return;
-    }
     if (!isAuthorized(req.session.userId, match[1], PERMISSIONS.ACTIONS.VOTE)) {
       res.status(400).send('Unauthorized');
       return;
@@ -257,9 +253,11 @@ delaRouter.use('/*', (req, res) => {
     // translate UserIDs to another random ID.
     // bodyData.UserID = req.session.userId.toString();
 
-    // DEBUG: this is only for debugging and needs to be replaced before production
-    console.warn('DEV CODE - randomizing the SCIPER ID to allow for unlimited votes');
-    bodyData.UserID = makeid(10);
+    if (process.env.REACT_APP_RANDOMIZE_VOTE_ID === 'true') {
+      // DEBUG: this is only for debugging and needs to be replaced before production
+      console.warn('DEV CODE - randomizing the SCIPER ID to allow for unlimited votes');
+      bodyData.UserID = makeid(10);
+    }
   }
 
   const dataStr = JSON.stringify(bodyData);