made sure that, if voting as local-election voter, not logged out of overall account

7c6d8978 · Ben Adida · 9e04f5d8 · 7c6d8978 · 7c6d8978
Commit 7c6d8978 authored 14 years ago by Ben Adida
--- a/helios/tests.py
+++ b/helios/tests.py
@@ -483,6 +483,10 @@ class ElectionBlackboxTests(TestCase):
        self.assertContains(response, ballot.hash)
        self.assertContains(response, html_escape(encrypted_vote))

+        # if we request the redirect to cast_done, the voter should be logged out, but not the user
+        response = self.client.get("/helios/elections/%s/cast_done" % election_id)
+        assert not self.client.session.has_key('CURRENT_VOTER')
+
        # encrypted tally
        response = self.client.post("/helios/elections/%s/compute_tally" % election_id, {
                "csrf_token" : self.client.session['csrf_token']                

--- a/helios/views.py
+++ b/helios/views.py
@@ -649,7 +649,13 @@ def one_election_cast_done(request, election):
    votes = CastVote.get_by_voter(voter)
    vote_hash = votes[0].vote_hash

+    # only log out if the setting says so *and* we're dealing
+    # with a site-wide voter. Definitely remove current_voter
+    if voter.user == user:
      logout = settings.LOGOUT_ON_CONFIRMATION
+    else:
+      logout = False
+      del request.session['CURRENT_VOTER']

    save_in_session_across_logouts(request, 'last_vote_hash', vote_hash)
  else:
@@ -664,7 +670,8 @@ def one_election_cast_done(request, election):
  #   auth_views.do_local_logout(request)
    
  # remote logout is happening asynchronously in an iframe to be modular given the logout mechanism
-  return render_template(request, 'cast_done', {'election': election, 'vote_hash': vote_hash, 'logout': logout}, include_user=False)
+  # include_user is set to False if logout is happening
+  return render_template(request, 'cast_done', {'election': election, 'vote_hash': vote_hash, 'logout': logout}, include_user=(not logout))

 @election_view()
 @json